Summary: | net-print/cups xpdf holes (CAN-2005-319{1|2|3}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thierry Carrez (RETIRED) <koon> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | printing |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2? [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Thierry Carrez (RETIRED)
2005-12-12 03:19:53 UTC
cups < cups-1.1.23-r3 is vulnerable. Starting with -r3, we disable the internal xpdf and use the xpdf package, so the fix for xpdf will make be sufficient for cups. Therefore, at least -r3 needs to go stable (preferably -r4, since that has other fixes). Target keywords: alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86 Daniel good move, wish all other packages bundling xpdf could do the same:-) Arches please test and mark stable. Note: It's bug #114428 and not the one reported above. amd64 done. 1.1.23-r4 sparc stable. 1.1.23-r4 stable on ppc64. hppa, ppc done Alpha done x86 done While I am all for security, this action makes cups dependend on x11-libs/libXt (via xpdf). I enjoy running my server with cups and without X11 related packages. Is there any way we can solve this? GLSA 200512-08 First round done. ia64, mips, s390, sh don't forget to mark stable to benifit from the GLSA. About comment #9, adding -motif to xpdf in package.use might prevent bringing X deps in. In the event it doesn't solve it, please open a separate (non-security) bug so that xpdf/CUPS maintainers can solve the problem. -motif worked. Sorry for posting in the wrong section. There is a bit of a conflict for me. emerge kpdf and cups. Kpdf wants poppler and cups wants xpdf but I cannot install poppler and xpdf at same time Joshua, currently non X applications are moving towards depending on poppler instead of xpdf. At the moment stable is broken, but the printing herd is working to get this fixed. You *can* install poppler and xpdf at the same time. New poppler block old xpdf. Unmerge xpdf, and let it's deps pull it back in, and all should be fine. |