Bug 264601

Summary: *TeX Xpdf JBIG2 Multiple vulnerabilities (CVE-2009-{0146,0147,0165,0166})
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: aballier, fauli, ulm
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 263028    
Bug Blocks:    

Description Robert Buchholz (RETIRED) gentoo-dev 2009-04-02 10:48:09 UTC
** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

Multiple vulnerabilities have been discovered in Xpdf as shipped in
* app-text/tetex
* app-text/texlive-core
* app-text/ptex

Note we also have bug 264598 open, but waiting for a patch. Please find Xpdf patches in the blocking bug.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-04-02 11:04:37 UTC
teTeX removal via bug 227443.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-04-04 12:26:58 UTC
embargo has been pushed back to 2009-04-16.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-04-25 12:37:48 UTC
TeX herd, please provide updates to the supported TeX distributions.

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch
Comment 4 Alexis Ballier gentoo-dev 2009-04-29 22:34:22 UTC
(In reply to comment #3)
> TeX herd, please provide updates to the supported TeX distributions.
> 
> ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch

tl-core-2008-r5 has the patch.
There is still that bibtex issue standing, but since I've yet to see a patch I've preferred to stop waiting and push that one first.
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2009-04-30 08:54:17 UTC
Arches, please test and mark stable:
=app-text/texlive-core-2008-r5
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2009-05-01 12:49:17 UTC
Stable for HPPA.
Comment 7 Markus Meier gentoo-dev 2009-05-01 14:10:26 UTC
amd64/x86 stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2009-05-03 11:13:58 UTC
alpha/arm/ia64/s390/sh/sparc stable
Comment 9 Brent Baude (RETIRED) gentoo-dev 2009-05-03 12:54:32 UTC
ppc64 done
Comment 10 Brent Baude (RETIRED) gentoo-dev 2009-05-03 12:54:37 UTC
ppc done
Comment 11 Tobias Heinlein (RETIRED) gentoo-dev 2009-05-03 18:49:16 UTC
GLSA request filed.
Comment 12 Johannes Huber (RETIRED) gentoo-dev 2012-05-17 13:19:02 UTC
Thank you all. TeX herd has nothing to do here anymore. Removing from CC.
Comment 13 Sean Amoss (RETIRED) gentoo-dev Security 2014-12-12 01:02:54 UTC
This was fixed prior to 2010 years ago and will not receive a GLSA.