Bug#: 75203
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>

Description:   Opened: 2004-12-21 09:09 0000
koffice includes xpdf code and therefore might be vulnerable to CAN-2004-1125.
Please see bug 75191 for details and the patch.

------- Comment #1 From Matthias Geerdsen 2004-12-21 13:31:38 0000 -------
koffice contains xpdf 2.00 (patched for earlier integer overflow stuff) and the
vulnerability is verified for 3.00

Nevertheless the patch applies cleanly except for the last part (GfxState.cc
lines 1054,1060), which is just a slight change in an error message afaict.

------- Comment #2 From Matthias Geerdsen 2004-12-21 13:45:15 0000 -------
KDE security has been notified about this together with the kpdf issue.

------- Comment #3 From Matthias Geerdsen 2004-12-22 06:35:55 0000 -------
upstream has patched versions in CVS

------- Comment #4 From Carsten Lohrke 2004-12-22 11:50:55 0000 -------
<<< koffice-1.3.5-r1.ebuild
<<< files/koffice_1_3_xpdf_buffer_overflow.diff

herds: please mark stable. 

ppc{,64}: if it's necessary to create a new revision for 1.3.4, please do so, the patch should apply as well.

------- Comment #5 From Gustavo Zacarias (RETIRED) 2004-12-22 16:12:14 0000 -------
sparc is a go-go.

------- Comment #6 From Dylan Carlson (RETIRED) 2004-12-22 18:45:39 0000 -------
amd64 done

------- Comment #7 From Markus Rothe 2004-12-23 11:38:00 0000 -------
app-office/koffice-1.3.5-r1 is stable on ppc64.

Markus

------- Comment #8 From Bryan Østergaard (RETIRED) 2004-12-23 12:16:49 0000 -------
Stable on alpha.

------- Comment #9 From Joe Jezak 2005-01-03 03:35:58 0000 -------
Already marked ppc stable.

------- Comment #10 From Sune Kloppenborg Jeppesen 2005-01-11 05:32:26 0000 -------
GLSA 200501-17
