| Summary: | KDE Xpdf JBIG2 Multiple vulnerabilities (CVE-2009-{0146,0147,0165,0166}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | esigra |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | A2 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 263028, 271889 | | |
| Bug Blocks: | | | |
| Attachments: | | | |

Description
Robert Buchholz (RETIRED)
2009-04-02 10:49:54 UTC
Hi, I would love to help, but I don't have the kde3 for testing the patches. I will take the liberty and cc tampakrap, who actually can do the testing etc. I am maintaining only the kde4 version of koffice.

Embargo has been pushed back to 2009-04-16. I am not sure kde upstream is in the loop for this already.

KDE herd, please provide updates to the supported KDE 3.5 ebuilds: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch

Why is this blocking bug 245954?

Is it fixed in 3.5.10? If it is not, please apply fixes. If stabilization of 3.5.10 is expected to take longer than 5 days from now, please also apply fixes to 3.5.9 so we can stable before that. This bug has been sitting without attention by the kde for too long.

Sorry for the long delay, I was very busy the last month and there is no other kde3 maintainer at the moment. I took care of the security bugs yesterday. This weekend I'm going to finish with the major bugs of kde3 and go for stabilization.

The patches partially failed for kword and kpdf (monolithic). I won't fix kdegraphics as monolithic kde3 ebuilds are going to be removed. I'll spend my afternoon on this and report back with a solution.

Created attachment 192878
kde-Xpdf-JBIG2.patch
KPDF port of xpdf-3.02pl3.patch

Created attachment 192879
kde-CVE-2009-1188.patch

kpdf-3.5.10-r1 in tree, it has the above patches, thank you very much for them :) kpdf-3.5.9 and kdegraphics-3.5.9 won't be fixed as they will be removed after 3.5.10 stabilization. I have opened a stabilization bug for kde 3.5.10, adding it in the depend buglist.

KDE 3 is not in tree any more. CC us again if you need anything. Thanks.

(In reply to comment #10)
> KDE 3 is not in tree any more. CC us again if you need anything. thanks

Looks like there's nothing to be stabilized anymore, should we make a decision about GLSA?

A2 needs a GLSA, read http://www.gentoo.org/security/en/vulnerability-policy.xml.

GLSA request filed.

Package long gone. noglsa.