Gentoo Bug 75200 - app-text/pdftohtml is probably affected by new xpdf vuln

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	75200
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Thierry Carrez (RETIRED) <koon@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 75200 depends on:			Show dependency tree
Bug 75200 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2004-12-21 09:06 0000

pdftohtml includes xpdf code and therefore might be vulnerable to
CAN-2004-1125.
Please see bug 75191 for the patch.

Robin, you did the last security bump, could you please look into it ?

------- Comment #1 From Matthias Geerdsen 2004-12-21 12:21:41 0000 -------

pdftohtml contains xpdf 2.02 and the vulnerability is verified for 3.00

Nevertheless the patch applies cleanly except for the last part (GfxState.cc lines 1054,1060), which is just a slight change in an error message afaict.

------- Comment #2 From Thierry Carrez (RETIRED) 2004-12-28 04:50:08 0000 -------

Robin: please apply patch and bump

------- Comment #3 From Robin Johnson 2005-01-07 03:46:59 0000 -------

patch in cvs now.
sparc,ppc,amd64,ppc64 need to mark stable.

------- Comment #4 From Thierry Carrez (RETIRED) 2005-01-07 04:51:34 0000 -------

Thx Robin.
ppc, ppc64, sparc: please test and mark 0.36-r2 stable

------- Comment #5 From Markus Rothe 2005-01-07 07:09:11 0000 -------

stable on ppc64

------- Comment #6 From Lars Weiler (RETIRED) 2005-01-08 11:56:17 0000 -------

stable on ppc.

------- Comment #7 From Jason Wever (RETIRED) 2005-01-09 09:30:03 0000 -------

Stable on sparc

------- Comment #8 From Thierry Carrez (RETIRED) 2005-01-10 01:17:20 0000 -------

GLSA 200501-13

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 75200

app-text/pdftohtml is probably affected by new xpdf vuln

Last modified: 2005-01-10 01:17:20 0000