115848 – Stable version of poppler is subject of GLSA

Bug 115848 - Stable version of poppler is subject of GLSA

Summary: Stable version of poppler is subject of GLSA

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	GLSA Errors (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:	114428
Blocks:
	Show dependency tree

Reported:	2005-12-17 05:28 UTC by Richard Freeman
Modified:	2005-12-17 06:16 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Richard Freeman gentoo-dev

2005-12-17 05:28:58 UTC

Not sure if this is a dupe or not - but if there is an open bug to this effect it must be hidden (or not mention poppler in the subject).  On amd64 the current stable version of poppler is 0.3.0-r1, and a recent GLSA (200512-08) indicates all versions < 0.4.2-r1 are vulnerable.  I noticed that the non-vulnerable version is also ~x86.

So, either the GLSA is wrong and there are non-vulnerable lower versions, or the GLSA was released before the fixed version was marked stable on any arch - likely to confuse many an admin (at least those of us who read GLSAs).

Comment 1 Stefan Cornelius (RETIRED) gentoo-dev

2005-12-17 05:49:43 UTC

Yep, you're right: GLSA is wrong and there is a non-vulnerable lower version (0.3.0-r1).

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2005-12-17 06:00:42 UTC

Fixed in CVS. Should appear in Portage and the website in about 30 minutes.

Comment 3 Jeffrey Forman (RETIRED) gentoo-dev

2005-12-17 06:16:39 UTC

Quick change of platform in bugzilla. Sorry about the email.