Bug 185225 - app-text/xpdf: patch for vulnerability in 3.02 (CVE-2007-3387)
Summary: app-text/xpdf: patch for vulnerability in 3.02 (CVE-2007-3387)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: A2 [ebuild] DerCorny
Reported: 2007-07-13 19:39 UTC by Stefan Cornelius (RETIRED)
Modified: 2007-09-27 23:09 UTC (History)

Attachments
proposed upstream patch (xpdf-3.02pl1.patch,981 bytes, patch)
2007-07-13 19:42 UTC, Stefan Cornelius (RETIRED)

Description Stefan Cornelius (RETIRED) gentoo-dev 2007-07-13 19:39:59 UTC
hi, there is a vuln in xpdf. no time to look closely at it yet, but i will add the proposed patch. disclosure is early next week.

Any clues which packages are also affected or may potentially share the same code?
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2007-07-13 19:41:59 UTC
printing herd, i'll post the proposed patch to this bug. please provide fixed ebuilds and attach them here, do not commit anything, since this is secret for the time being.
Comment 2 Stefan Cornelius (RETIRED) gentoo-dev 2007-07-13 19:42:43 UTC
Created attachment 124764 [details, diff]
proposed upstream patch
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-15 10:38:15 UTC
Herds are no good on restricted bugs. CC'ing genstef instead.
Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-08-04 16:37:08 UTC
public now. Genstef/printing, any news here?
Comment 5 Stefan Schweizer (RETIRED) gentoo-dev 2007-08-04 21:42:31 UTC
we still don't use xpdf, we only use poppler. So it would be cool to get a poppler patch and know if poppler is even affected :)
Comment 6 Jonathan Smith (RETIRED) gentoo-dev 2007-08-06 00:32:52 UTC
yes, poppler is affected. so are gpdf, cups, kpdf (kdegraphics), tetex, and anything else which includes xpdf code
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2007-08-06 05:32:34 UTC
Can't compile it myself, but gnustep-libs/pdfkit has xpdf-3.0 (resp. 3.01) code included and is a potential, too. Is that package actually still vulnerable to bug #114428?
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2007-09-27 23:09:26 UTC
All XPDF code forks have their own bug and are fixed, one way or another. Closing.