Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 115286
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 115286 depends on: Show dependency tree
Bug 115286 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-12-12 03:19 0000 
See bug 144428 for details. CUPS is traditionally affected by the same flaws so
this bug will track it.

------- Comment #1 From Daniel Gryniewicz 2005-12-12 13:21:05 0000 ------- 
cups < cups-1.1.23-r3 is vulnerable.  Starting with -r3, we disable the
internal
xpdf and use the xpdf package, so the fix for xpdf will make be sufficient for
cups.  Therefore, at least -r3 needs to go stable (preferably -r4, since that
has other fixes).

Target keywords: alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86

------- Comment #2 From Sune Kloppenborg Jeppesen 2005-12-12 13:26:30 0000 ------- 
Daniel good move, wish all other packages bundling xpdf could do the same:-) 
 
Arches please test and mark stable.  
  
Note: It's bug #114428 and not the one reported above.

------- Comment #3 From Daniel Gryniewicz 2005-12-12 20:40:30 0000 ------- 
amd64 done.

------- Comment #4 From Gustavo Zacarias (RETIRED) 2005-12-13 05:55:57 0000 ------- 
1.1.23-r4 sparc stable.

------- Comment #5 From Markus Rothe 2005-12-13 08:45:56 0000 ------- 
1.1.23-r4 stable on ppc64.

------- Comment #6 From Michael Hanselmann (hansmi) (RETIRED) 2005-12-13 11:11:27 0000 ------- 
hppa, ppc done

------- Comment #7 From Fernando J. Pereda (RETIRED) 2005-12-14 03:58:52 0000 ------- 
Alpha done

------- Comment #8 From Mark Loeser 2005-12-14 20:36:51 0000 ------- 
x86 done

------- Comment #9 From Niels Werensteijn 2005-12-15 09:12:18 0000 ------- 
While I am all for security, this action makes cups dependend on x11-libs/libXt
(via xpdf). I enjoy running my server with cups and without X11 related
packages. Is there any way we can solve this?

------- Comment #10 From Sune Kloppenborg Jeppesen 2005-12-15 23:57:20 0000 ------- 
GLSA 200512-08 
 
First round done. 
 
ia64, mips, s390, sh don't forget to mark stable to benifit from the GLSA.

------- Comment #11 From Thierry Carrez (RETIRED) 2005-12-16 04:46:39 0000 ------- 
About comment #9, adding -motif to xpdf in package.use might prevent bringing X
deps in. In the event it doesn't solve it, please open a separate (non-security)
bug so that xpdf/CUPS maintainers can solve the problem.

------- Comment #12 From Niels Werensteijn 2005-12-16 06:06:06 0000 ------- 
-motif worked. Sorry for posting in the wrong section.

------- Comment #13 From Joshua 2006-01-03 10:55:27 0000 ------- 
There is a bit of a conflict for me. emerge kpdf and cups. Kpdf wants poppler
and cups wants xpdf but I cannot install poppler and xpdf at same time

------- Comment #14 From Sune Kloppenborg Jeppesen 2006-01-03 13:37:27 0000 ------- 
Joshua, currently non X applications are moving towards depending on poppler
instead of xpdf. At the moment stable is broken, but the printing herd is
working to get this fixed.

------- Comment #15 From Daniel Gryniewicz 2006-01-08 16:40:21 0000 ------- 
You *can* install poppler and xpdf at the same time.  New poppler block old
xpdf.  Unmerge xpdf, and let it's deps pull it back in, and all should be fine.
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug