| Summary: | app-text/xpdf: patch for vulnerability in 3.02 (CVE-2007-3387) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Cornelius (RETIRED) <dercorny> | ||||
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | normal | CC: | genstef, printing, rbu | ||||
| Priority: | High | ||||||
| Version: | unspecified | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | A2 [ebuild] DerCorny | ||||||
| Package list: | Runtime testing required: | --- | |||||
| Attachments: |
|
||||||
|
Description
Stefan Cornelius (RETIRED)
2007-07-13 19:39:59 UTC
printing herd, i'll post the proposed patch to this bug. please provide fixed ebuilds and attach them here, do not commit anything, since this is secret for the time being. Created attachment 124764 [details, diff]
proposed upstream patch
Herds are no good on restricted bugs. CC'ing genstef instead. public now. Genstef/printing, any news here? we still dont use xpdf, we only use poppler. So it would be cool to get a poppler patch and know if poppler is even affected :) yes, poppler is affected. so are gpdf, cups, kpdf (kdegraphics), tetex, and anything else which includes xpdf code Can't compile it myself, but gnustep-libs/pdfkit has xpdf-3.0 (resp. 3.01) code included and is a potential, too. Is that package actually still vulnerable to bug #114428 ? All XPDF code forks have their own bug and are fixed, one way or another. Closing. |