Bug 75200

Summary:	app-text/pdftohtml is probably affected by new xpdf vuln
Product:	Gentoo Security	Reporter:	Thierry Carrez (RETIRED) <koon>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	robbat2
Priority:	High
Version:	unspecified
Hardware:	All
OS:	All
Whiteboard:	B2 [glsa]
Package list:		Runtime testing required:	---

Description Thierry Carrez (RETIRED) gentoo-dev

2004-12-21 09:06:38 UTC

pdftohtml includes xpdf code and therefore might be vulnerable to CAN-2004-1125.
Please see bug 75191 for the patch.

Robin, you did the last security bump, could you please look into it ?

Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev

2004-12-21 12:21:41 UTC

pdftohtml contains xpdf 2.02 and the vulnerability is verified for 3.00

Nevertheless the patch applies cleanly except for the last part (GfxState.cc lines 1054,1060), which is just a slight change in an error message afaict.

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2004-12-28 04:50:08 UTC

Robin: please apply patch and bump

Comment 3 Robin Johnson archtester

2005-01-07 03:46:59 UTC

patch in cvs now.
sparc,ppc,amd64,ppc64 need to mark stable.

Comment 4 Thierry Carrez (RETIRED) gentoo-dev

2005-01-07 04:51:34 UTC

Thx Robin.
ppc, ppc64, sparc: please test and mark 0.36-r2 stable

Comment 5 Markus Rothe (RETIRED) gentoo-dev

2005-01-07 07:09:11 UTC

stable on ppc64

Comment 6 Lars Weiler (RETIRED) gentoo-dev

2005-01-08 11:56:17 UTC

stable on ppc.

Comment 7 Jason Wever (RETIRED) gentoo-dev

2005-01-09 09:30:03 UTC

Stable on sparc

Comment 8 Thierry Carrez (RETIRED) gentoo-dev

2005-01-10 01:17:20 UTC

GLSA 200501-13