Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 75201
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 75201 depends on: Show dependency tree
Bug 75201 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-12-21 09:07 0000 
gpdf includes xpdf code and therefore might be vulnerable to CAN-2004-1125.
Please see bug 75191 for the patch.

------- Comment #1 From Matthias Geerdsen 2004-12-21 12:26:26 0000 ------- 
gpdf includes xpdf 3.00 with the vulnerable code

gnome herd, pls provide an updated ebuild with the patches from bug 75191

------- Comment #2 From Joe McCann (RETIRED) 2004-12-22 04:52:27 0000 ------- 
Added gpdf-2.8.1-r1 to the tree with gpdf-xpdf-CAN-2004-1125.patch. Thanks for
the heads up.

------- Comment #3 From Matthias Geerdsen 2004-12-22 07:12:11 0000 ------- 
thanks Joe

security, this seems ready for a GLSA, since maintainer has kept keywords

Maybe we can combine this with the other xpdf related bugs?

------- Comment #4 From Joe McCann (RETIRED) 2004-12-22 09:05:48 0000 ------- 
not all archs are stable yet, cc'ing them.

------- Comment #5 From Gustavo Zacarias (RETIRED) 2004-12-22 09:23:04 0000 ------- 
Disclaimer: careful with moving over stable keywords, it wouldn't be the first
time it broke (recent example = php).
Ok, sparc stable.

------- Comment #6 From Mike Gardiner (RETIRED) 2004-12-22 17:31:36 0000 ------- 
PPC stable.

------- Comment #7 From Dylan Carlson (RETIRED) 2004-12-22 18:47:39 0000 ------- 
amd64 done

------- Comment #8 From Thierry Carrez (RETIRED) 2004-12-23 02:37:10 0000 ------- 
Back to [stable] status : not ready yet, still missing a necessary keyword
(alpha).

------- Comment #9 From Bryan Østergaard (RETIRED) 2004-12-23 12:33:50 0000 ------- 
Stable on alpha.

------- Comment #10 From Guy Martin 2004-12-28 04:49:48 0000 ------- 
Stable on hppa.

------- Comment #11 From Thierry Carrez (RETIRED) 2004-12-28 05:09:18 0000 ------- 
GLSA 200412-24
ia64, mips : please mark gpdf stable to benefit from GLSA

------- Comment #12 From Hardave Riar (RETIRED) 2004-12-29 21:57:08 0000 ------- 
Stable on mips.

------- Comment #13 From Matthias Geerdsen 2005-01-07 08:07:23 0000 ------- 
btw, this was http://bugzilla.gnome.org/show_bug.cgi?id=162084

a fixed gpdf 2.8.2 is supposed to follow today
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug