| Summary: | app-text/xpdf | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Daniel Ahlberg (RETIRED) <aliz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | critical | CC: | usata |
| Priority: | Highest | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
The xpdf team patched the referenced vulnerability in version 2.02pl1. An ebuild for this version is already available in portage (xpdf-2.02.1.ebuild). Is there a vulnerability, beyond what has already been patched, keeping this bug open? Nope. This can be closed in fact. I think we might have missed the window of sending out GLSA's on this one as it seems to have been fixed for some time. Note: Also it looks like 2.03 just hit portage as ~arch masked. |
________________________________________________________________________ Mandrake Linux Security Update Advisory ________________________________________________________________________ Package name: xpdf Advisory ID: MDKSA-2003:071-1 Date: July 23rd, 2003 Original Advisory Date: June 27th, 2003 Affected versions: 9.0, 9.1, Corporate Server 2.1 ________________________________________________________________________ Problem Description: Martyn Gilmore discovered flaws in various PDF viewers, including xpdf. An attacker could place malicious external hyperlinks in a document that, if followed, could execute arbitary shell commands with the privileges of the person viewing the PDF document. Update: New packages are available as the previous patches that had been applied did not correct all possible ways of exploiting this issue. ________________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0434 ________________________________________________________________________