| Summary: | app-text/xpdf: Multiple vulnerabilities (CVE-2009-4035,CVE-2010-{3702,3704}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | jrmalaq, stephan.litterst, walch.martin |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
GLSAMaker/CVETool Bot
2011-10-08 12:57:09 UTC
*** Bug 388089 has been marked as a duplicate of this bug. ***

@printing: 3.03 is out, with the following security update (from changelog):

-Fixed a buffer overflow security hole in StreamPredictor.
-Rewrote the CCITTFax decoder inner loop - this fixes a security hole.
-Fixed two security holes (missing bounds checks) in the DCT decoder.
-Fixed a security hole: integer bounds check in the Type 1 encoding parser in FoFiType1.cc
-Commented out the t1lib section in the configure script -- t1lib has some potential security holes, and hasn't been updated in years.

Removed from the portage tree.

(In reply to comment #3)
> Removed from the portage tree.

Thank you. GLSA request filed.

I've just come across this on noting that xpdf is no longer in the portage tree. Am I reading right that it was temporarily removed due to this bug? Is it coming back? Can I help with getting it back?

(In reply to Martin Bays from comment #5)
> I've just come across this on noting that xpdf is no longer in the portage
> tree. Am I reading right that it was temporarily removed due to this bug? Is
> it coming back? Can I help with getting it back?

Open another bug report for this; this one is for tracking security vulnerabilities and the GLSA release process (that continues even if the package was removed from the tree).

This issue was resolved and addressed in GLSA 201402-17 at http://security.gentoo.org/glsa/glsa-201402-17.xml by GLSA coordinator Mikle Kolyada (Zlogene).