Summary: | app-office/koffice xpdf vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thierry Carrez (RETIRED) <koon> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kde |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | B2 [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Thierry Carrez (RETIRED)
2004-12-21 09:09:08 UTC
koffice contains xpdf 2.00 (patched for earlier integer overflow stuff) and the vulnerability is verified for 3.00 Nevertheless the patch applies cleanly except for the last part (GfxState.cc lines 1054,1060), which is just a slight change in an error message afaict. KDE security has been notified about this together with the kpdf issue. upstream has patched versions in CVS <<< koffice-1.3.5-r1.ebuild <<< files/koffice_1_3_xpdf_buffer_overflow.diff herds: please mark stable. ppc{,64}: if it's necessary to create a new revision for 1.3.4, please do so, the patch should apply as well. sparc is a go-go. amd64 done app-office/koffice-1.3.5-r1 is stable on ppc64. Markus Stable on alpha. Already marked ppc stable. GLSA 200501-17 |