First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 75204
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 75204 depends on: 72750 Show dependency tree
Bug 75204 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-12-21 09:10 0000 
kfax includes xpdf code and therefore might be vulnerable to CAN-2004-1125.
Please see bug 75191 for details and the patch.

------- Comment #1 From Caleb Tennis 2004-12-21 09:44:32 0000 ------- 
hasn't this already been fixed and GLSA'd?

------- Comment #2 From Caleb Tennis 2004-12-21 09:46:01 0000 ------- 
...or is this a new vulnerability?

------- Comment #3 From Sune Kloppenborg Jeppesen 2004-12-21 09:49:24 0000 ------- 
A new vulnerability in xpdf that might affect kde. I think koon meant kpdf and
not kfax.

------- Comment #4 From Matthias Geerdsen 2004-12-21 12:56:27 0000 ------- 
kpdf seem to include the vulnerable code and the patch applies cleanly
upstream has been notified

kde, pls provide an updated ebuild

------- Comment #5 From Thierry Carrez (RETIRED) 2004-12-22 08:16:24 0000 ------- 
*** Bug 75301 has been marked as a duplicate of this bug. ***

------- Comment #6 From Matthias Geerdsen 2004-12-23 03:29:01 0000 ------- 
KDE security advisory published:
http://www.kde.org/info/security/advisory-20041223-1.txt

------- Comment #7 From Sune Kloppenborg Jeppesen 2004-12-23 03:40:18 0000 ------- 
Thx Mathias. Kde please provide an updated ebuild.

------- Comment #8 From Caleb Tennis 2004-12-27 07:22:51 0000 ------- 
updated: kdegraphics-3.2.3-r3, kdegraphics-3.3.2-r1

------- Comment #9 From Sune Kloppenborg Jeppesen 2004-12-27 10:34:50 0000 ------- 
Thx Caleb.

Arches please mark kdegraphics-3.2.3-r3 stable. Handling stable marking of 3.3.2 on bug #72750

------- Comment #10 From Guy Martin 2005-01-03 16:50:19 0000 ------- 
Stable on hppa.

------- Comment #11 From Marcus D. Hanwell 2005-01-03 19:53:03 0000 ------- 
kdegraphics-3.3.2-r1 has already been marked stable on amd64 by Dylan.

------- Comment #12 From Bryan Østergaard (RETIRED) 2005-01-05 10:11:10 0000 ------- 
3.3.2-r1 already stable on alpha.

------- Comment #13 From Sune Kloppenborg Jeppesen 2005-01-06 11:43:13 0000 ------- 
sparc please mark 3.2.3-r3 and 3.3.2-r1 stable.
amd64 please mark 3.2.3-r3 stable if possible or GLSA should get an amd64 specific affected version section.

------- Comment #14 From Karol Wojtaszek (RETIRED) 2005-01-06 14:40:50 0000 ------- 
Stable on amd64

------- Comment #15 From Jason Wever (RETIRED) 2005-01-09 09:12:13 0000 ------- 
Just letting you know that sparc is looking into this.  Been having some
problems with kicker crashing on startup that seem to affect both 3.2.3 and
3.3.x.  Trying to isolate this.

------- Comment #16 From Sune Kloppenborg Jeppesen 2005-01-11 05:32:11 0000 ------- 
GLSA 200501-17

------- Comment #17 From Jason Wever (RETIRED) 2005-01-11 19:51:31 0000 ------- 
Stable on sparc

------- Comment #18 From Sune Kloppenborg Jeppesen 2005-01-11 22:35:09 0000 ------- 
sparc stable closing with GLSA 200501-17

------- Comment #19 From Sune Kloppenborg Jeppesen 2005-01-11 22:41:20 0000 ------- 
And now fixed in the right order.
First Last Prev Next    No search results available      Search page      Enter new bug