Summary: | kde-base/kdegraphics: vulnerabilities in kpdf | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | fbusse |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | kde, m.debruijne |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://www.kde.org/info/security/advisory-20041021-1.txt | ||
Whiteboard: | A2 [glsa] vorlon | ||
Package list: | Runtime testing required: | --- |
Description
fbusse
2004-10-22 08:57:04 UTC
kde, pls verify and update ebuild I've tested both the patches with the splitted up kpdf ebuilds (to speedup compilation) and they compiles and works well. kpdf-3.3.0 using patch post-3.2.3-kdegraphics.diff kpdf-3.3.1 using patch post-3.3.1-kdegraphics.diff KDE team, since 3.3.0 is the latest stable ebuild and 3.3.1 the newest version, those should be patched. Additionally a patched stable version for alpha is needed too, which would probably mean to patch 3.2.3 and get it stable on alpha. <<< kdegraphics-3.3.1-r1.ebuild <<< kdegraphics-3.2.3-r1.ebuild <<< kdegraphics-3.3.0-r1.ebuild arch herds, please keyword I couldn't test 3.2.3, but I thought it's better to let someone with KDE 3.2.x (and a faster box) find out if it breaks. Stable on alpha. BTW, why does kdegraphics depend on xpdf if kpdf comes with it already? You're right, I'm quite sure that there's no need for it. I didn't noticed it before. Stable on sparc. stable on ppc SeJo: current CVS checkout shows : kdegraphics-3.2.3-r1.ebuild:KEYWORDS="x86 ~ppc sparc alpha ~hppa ~amd64 ~ia64" kdegraphics-3.3.0-r1.ebuild:KEYWORDS="x86 ~amd64 ~ppc64 sparc ~ppc ~hppa" kdegraphics-3.3.1-r1.ebuild:KEYWORDS="~x86 ~amd64 ~ppc64 ~sparc ~ppc ~hppa" So apprently ppc did not mark any unaffected ebuild stable. Given your stable profile you need to mark both 3.2.3-r1 and 3.3.0-r1 stable (as 3.2.3 and 3.3.0 are affected and ppc-stable). i'm sorry i must have made a mistake, they are tested and marked stable. stable on amd64! GLSA 200410-30 hppa, ia64, ppc64: please mark stable to benefit from GLSA. kdegraphics-3.3.0-r2.ebuild is already keyworded. Removing, thanks! |