Summary: | <app-text/poppler-0.61.1: multiple vulnerabilities (CVE-2017-1497{5,6,7}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Ian Zimmerman <nobrowser> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | holgersson, printing, reavertm |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: |
app-text/poppler-0.62.0-r1
|
Runtime testing required: | --- |
Bug Depends on: | 432144, 631800, 641340, 643836, 643996, 644800, 646638 | ||
Bug Blocks: | 644802, 645868 |
Description
Ian Zimmerman
2018-01-12 21:55:46 UTC
Stable on alpha. *** Bug 644456 has been marked as a duplicate of this bug. *** ppc/ppc64 stable arm stable ping hppa hppa stable Poppler cleanup actually depends on texlive-core security cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9526cde161497cd43721f89c6d8aa23328be8e4 commit c9526cde161497cd43721f89c6d8aa23328be8e4 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-03-18 14:06:40 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-04-07 15:35:36 +0000 app-text/poppler: Cleanup vulnerable Bug: https://bugs.gentoo.org/644388 Package-Manager: Portage-2.3.24, Repoman-2.3.6 app-text/poppler/Manifest | 2 - .../files/poppler-0.26.0-qt5-dependencies.patch | 31 --- .../poppler/files/poppler-0.33.0-openjpeg2.patch | 15 -- app-text/poppler/files/poppler-0.40-FindQt4.patch | 31 --- .../files/poppler-0.53.0-respect-cflags.patch | 52 ----- .../files/poppler-0.57.0-CVE-2017-14517.patch | 27 --- .../files/poppler-0.57.0-CVE-2017-14518.patch | 27 --- .../files/poppler-0.57.0-CVE-2017-14519.patch | 100 -------- .../files/poppler-0.57.0-CVE-2017-14520.patch | 24 -- .../files/poppler-0.57.0-CVE-2017-14617.patch | 31 --- .../files/poppler-0.57.0-CVE-2017-14926.patch | 36 --- .../files/poppler-0.57.0-CVE-2017-14927.patch | 32 --- .../files/poppler-0.57.0-CVE-2017-14928.patch | 69 ------ .../files/poppler-0.57.0-CVE-2017-14929.patch | 252 --------------------- .../files/poppler-0.57.0-CVE-2017-15565.patch | 28 --- app-text/poppler/poppler-0.57.0-r1.ebuild | 158 ------------- app-text/poppler/poppler-0.61.1.ebuild | 145 ------------ 17 files changed, 1060 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc1472f6e2b8df1aa3528554f323ddd248ec1dfa commit cc1472f6e2b8df1aa3528554f323ddd248ec1dfa Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-03-19 18:44:44 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-04-07 15:35:35 +0000 dev-texlive/texlive-*: Drop 2015 Bug: https://bugs.gentoo.org/644388 Package-Manager: Portage-2.3.24, Repoman-2.3.6 app-text/texlive-core/Manifest | 120 - app-text/texlive-core/texlive-core-2015-r1.ebuild | 344 --- dev-texlive/texlive-basic/Manifest | 53 - .../texlive-basic/texlive-basic-2015.ebuild | 31 - dev-texlive/texlive-bibtexextra/Manifest | 217 -- .../texlive-bibtexextra-2015.ebuild | 31 - dev-texlive/texlive-context/Manifest | 67 - .../texlive-context/texlive-context-2015.ebuild | 61 - dev-texlive/texlive-fontsextra/Manifest | 512 ---- .../texlive-fontsextra-2015.ebuild | 20 - dev-texlive/texlive-fontsrecommended/Manifest | 63 - .../texlive-fontsrecommended-2015.ebuild | 23 - dev-texlive/texlive-fontutils/Manifest | 32 - .../texlive-fontutils-2015.ebuild | 39 - dev-texlive/texlive-formatsextra/Manifest | 19 - .../texlive-formatsextra-2015.ebuild | 21 - dev-texlive/texlive-games/Manifest | 74 - .../texlive-games/texlive-games-2015.ebuild | 23 - dev-texlive/texlive-genericextra/Manifest | 98 - .../texlive-genericextra-2015.ebuild | 19 - dev-texlive/texlive-genericrecommended/Manifest | 20 - .../texlive-genericrecommended-2015.ebuild | 22 - dev-texlive/texlive-humanities/Manifest | 119 - .../texlive-humanities-2015.ebuild | 20 - dev-texlive/texlive-langafrican/Manifest | 9 - .../texlive-langafrican-2015.ebuild | 19 - dev-texlive/texlive-langarabic/Manifest | 30 - .../texlive-langarabic-2015.ebuild | 24 - dev-texlive/texlive-langchinese/Manifest | 38 - .../texlive-langchinese-2015.ebuild | 25 - dev-texlive/texlive-langcjk/Manifest | 20 - .../texlive-langcjk/texlive-langcjk-2015.ebuild | 26 - dev-texlive/texlive-langcyrillic/Manifest | 85 - .../texlive-langcyrillic-2015.ebuild | 33 - dev-texlive/texlive-langitalian/Manifest | 38 - .../texlive-langitalian-2015.ebuild | 20 - dev-texlive/texlive-langjapanese/Manifest | 57 - .../texlive-langjapanese-2015.ebuild | 28 - dev-texlive/texlive-langkorean/Manifest | 17 - .../texlive-langkorean-2015.ebuild | 21 - dev-texlive/texlive-langother/Manifest | 52 - .../texlive-langother-2015.ebuild | 27 - dev-texlive/texlive-langpolish/Manifest | 36 - .../texlive-langpolish-2015.ebuild | 21 - dev-texlive/texlive-langportuguese/Manifest | 20 - .../texlive-langportuguese-2015.ebuild | 20 - dev-texlive/texlive-langspanish/Manifest | 27 - .../texlive-langspanish-2015.ebuild | 20 - dev-texlive/texlive-latex/Manifest | 72 - .../texlive-latex/texlive-latex-2015.ebuild | 29 - dev-texlive/texlive-latexextra/Manifest | 2696 -------------------- .../texlive-latexextra-2015-r1.ebuild | 44 - dev-texlive/texlive-latexrecommended/Manifest | 134 - .../texlive-latexrecommended-2015-r1.ebuild | 32 - dev-texlive/texlive-luatex/Manifest | 80 - .../texlive-luatex/texlive-luatex-2015.ebuild | 29 - dev-texlive/texlive-metapost/Manifest | 84 - .../texlive-metapost/texlive-metapost-2015.ebuild | 31 - dev-texlive/texlive-music/Manifest | 50 - .../texlive-music/texlive-music-2015.ebuild | 32 - dev-texlive/texlive-omega/Manifest | 16 - .../texlive-omega/texlive-omega-2015.ebuild | 24 - dev-texlive/texlive-pictures/Manifest | 304 --- .../texlive-pictures-2015-r2.ebuild | 68 - dev-texlive/texlive-plainextra/Manifest | 46 - .../texlive-plainextra-2015.ebuild | 21 - dev-texlive/texlive-pstricks/Manifest | 226 -- .../texlive-pstricks/texlive-pstricks-2015.ebuild | 27 - dev-texlive/texlive-publishers/Manifest | 362 --- .../texlive-publishers-2015.ebuild | 20 - dev-texlive/texlive-xetex/Manifest | 81 - .../texlive-xetex/texlive-xetex-2015.ebuild | 41 - 72 files changed, 7310 deletions(-)} Cleanup done, security, please proceed. KDE is done here. This issue was resolved and addressed in GLSA 201804-03 at https://security.gentoo.org/glsa/201804-03 by GLSA coordinator Aaron Bauman (b-man). |