> - Stack based buffer overflow, affecting poppler in the utils
> section (reported by Daniel Kahn Gillmor, fixed in poppler 0.24.2)

Please use CVE-2013-4473 for the Stack based buffer overflow

> - User controlled format string, affecting poppler in the utils
> section (reported by Daniel Kahn Gillmor and Pedro Ribeiro, fixed
> in poppler 0.24.3)

Please use CVE-2013-4474 for the User controlled format string
Now this one will need a libreoffice-bin rebuild...
2.24.3 bumped
arches, please test and mark stable:

=app-text/poppler-2.24.3

target KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
(In reply to Mikle Kolyada from comment #3)
> arches, please test and mark stable:
>
> =app-text/poppler-2.24.3
>
> target KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

and its dependency

=net-print/cups-filters-1.0.36-r1

same targets... (note, -r1 and NOT -r2 which requires newer gs)
amd64 / x86 stable
*** Bug 490046 has been marked as a duplicate of this bug. ***
alpha stable
ppc stable
ppc64 stable
arm stable
Stable for HPPA.
Re-adding alpha/arm/ppc/ppc64 for cups-filters
ia64 stable
CVE-2013-4474 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4474):
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 024.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.

CVE-2013-4473 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4473):
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
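Added example, not part of the bug thread and not poppler's code or its actual fix: two defensive measures that match the bug classes named in the CVE text above, rejecting any destination pattern that contains anything other than a single %d conversion, and formatting into a fixed buffer with a bounded write. It assumes the destination filename is a pattern with one page-number placeholder; `pattern_is_safe` and `build_page_name` are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not poppler code): accept a destination pattern only
 * if it holds exactly one conversion, %d with an optional width of at most
 * two digits (e.g. %03d), and no other '%' sequence at all. */
int pattern_is_safe(const char *pattern)
{
    int conversions = 0;
    for (const char *p = pattern; *p; p++) {
        if (*p != '%')
            continue;
        p++;                                   /* step past '%' */
        int width = 0;
        while (isdigit((unsigned char)*p)) {   /* optional width digits */
            p++;
            width++;
        }
        if (width > 2 || *p != 'd')            /* rejects %s, %n, %x, %%, lone '%' */
            return 0;
        conversions++;
    }
    return conversions == 1;
}

/* Hypothetical helper: format the per-page output name into a caller-sized
 * buffer. Returns 0 on success, -1 if the pattern is rejected or the result
 * would not fit (snprintf never writes past outsz). */
int build_page_name(char *out, size_t outsz, const char *pattern, int page)
{
    if (!pattern_is_safe(pattern))
        return -1;
    int n = snprintf(out, outsz, pattern, page);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample patterns, not taken from the bug report. */
    const char *samples[] = { "page-%03d.pdf", "page-%s%n.pdf", "page.pdf" };
    char name[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_page_name(name, sizeof name, samples[i], 7);
        printf("%-16s -> %s\n", samples[i], rc == 0 ? name : "(rejected)");
    }
    return 0;
}
```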
sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
glsa request filed
All vulnerable versions have been removed.
This issue was resolved and addressed in GLSA 201401-21 at http://security.gentoo.org/glsa/glsa-201401-21.xml by GLSA coordinator Sean Amoss (ackle).