Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 78249 - net-print/cups includes vulnerable xpdf again
Summary: net-print/cups includes vulnerable xpdf again
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa] koon
Keywords:
Depends on:
Blocks:
 
Reported: 2005-01-16 11:19 UTC by Thierry Carrez (RETIRED)
Modified: 2005-02-06 19:41 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thierry Carrez (RETIRED) gentoo-dev 2005-01-16 11:19:20 UTC 
A new Xpdf vulnerability will be disclosed on January 18. This will probably impact (again) CUPS.

Heinrich, you should probably apply the same patch as xpdf to CUPS, unless you feel confident that vulnerable code is not called from CUPS.

Same thing, attach ebuild here and I'll call arch testing.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-01-18 06:50:51 UTC 
Better wait for the upstream official patch.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-01-19 00:33:09 UTC 
Printing team, please bump CUPS with xpdf-3.00pl3.patch from bug 77888
Comment 3 Heinrich Wendel (RETIRED) gentoo-dev 2005-01-19 05:42:40 UTC 
bumped to -r1
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-01-19 07:26:10 UTC 
Arches please test & mark 1.1.23-r1 stable
Target KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sparc x86"
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2005-01-20 07:07:19 UTC 
sparc stable.
Comment 6 Bryan Østergaard (RETIRED) gentoo-dev 2005-01-20 10:17:37 UTC 
Stable on alpha.
Comment 7 Markus Rothe (RETIRED) gentoo-dev 2005-01-20 11:34:15 UTC 
stable on ppc64
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2005-01-21 02:14:53 UTC 
corsair: ppc64 stable KEYWORD is missing in the ebuild I got from CVS
Comment 9 Markus Rothe (RETIRED) gentoo-dev 2005-01-21 02:38:21 UTC 
might be a little bit late yesterday.. Now the ebuild is stable on ppc64.
Comment 10 Lars Weiler (RETIRED) gentoo-dev 2005-01-21 09:20:17 UTC 
ppc stable.
Comment 11 Jan Brinkmann (RETIRED) gentoo-dev 2005-01-21 12:20:22 UTC 
stable on amd64.
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2005-01-22 01:25:05 UTC 
GLSA 200501-30
arm ia64 mips hppa s390: please mark stable to benefit from GLSA
Comment 13 Joshua Kinard gentoo-dev 2005-02-06 19:38:43 UTC 
mips stable.