| Summary: | app-office/{koffice,kword}, kde-base/{kdegraphics,kpdf} - stack based buffer overflow (CVE-2007-3387) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Carsten Lohrke (RETIRED) <carlo> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | mjf |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Carsten Lohrke (RETIRED)
2007-07-30 15:10:59 UTC
for xpdf, it's bug 185225

So why weren't bugs created for the maintainers of the usual suspects of packages to be affected as well? From looking at the GLSA list aside KDE there are gpdf, libextractor, pdftohtml and possibly others to have a look at.

kword-1.6.3-r1 and koffice-1.6.3-r1 can go stable, kpdf-3.5.7-r1 and kdegraphics-3.5.7-r1 will be taken care of with the stabilization of KDE 3.5.7. Security team, please change visibility, it's public.

*** Bug 187310 has been marked as a duplicate of this bug. ***

thanks for the info carlo. Arches, please test and mark stable:
kword-1.6.3-r1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
koffice-1.6.3-r1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

Sparc done for both.

koffice-1.6.3-r1 builds and installs as expected; utilities seem to work. kword-1.6.3-r1 (same source) builds as expected and passes with FEATURES=test. Marked stable for HPPA:
app-office/koffice-1.6.3-r1
app-office/kword-1.6.3-r1

ppc64 stable

alpha/ia64/x86 stable

ppc stable

"poppler includes a copy of the xpdf code and required an update as well."

(In reply to comment #12)
> "poppler includes a copy of the xpdf code and required an update as well."
>

Pointed that out in comment 2 already (well, didn't mention poppler being affected as it is what you'd expect). Can the security team please unrestrict bug 185225 as well!? The xpdf vuln. really isn't news anymore. Also, are there (restricted) bugs for the other packages, yet?

amd64 stable

Changing status to [glsa], security please do your magic.

GLSA 200710-08, sorry for the delay