pdfkit includes xpdf code and therefore might be vulnerable to CAN-2004-1125. Please see bug 75191 for details and the patch.
PDFkit contains the vulnerable code gnustep, pls provide an updated ebuild with the patches from bug 75191
*bump* gnustep team: please patch and bump :)
Not sure if I overlooked (noped, not in my mailbox) the previous emails -- was the gnustep@gentoo.org alias added recently? Regardless, I'll get right on this; I'll likely contact the upstream maintainer too about this, as I think solely the last round of pdf vulnerabilities are officially known about by him, as posted on his website.
fafhrd: the gnustep Cc: was there at bug creation :) Keep us posted !
Patch applied; ebuild updated. I leave the glory of closing the bug for the security team. ;-)
Thx fafhrd, closing.
