Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 75200

Summary: app-text/pdftohtml is probably affected by new xpdf vuln
Product: Gentoo Security Reporter: Thierry Carrez (RETIRED) <koon>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: robbat2
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Thierry Carrez (RETIRED) gentoo-dev 2004-12-21 09:06:38 UTC
pdftohtml includes xpdf code and therefore might be vulnerable to CAN-2004-1125.
Please see bug 75191 for the patch.

Robin, you did the last security bump, could you please look into it ?
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2004-12-21 12:21:41 UTC
pdftohtml contains xpdf 2.02 and the vulnerability is verified for 3.00

Nevertheless the patch applies cleanly except for the last part ( lines 1054,1060), which is just a slight change in an error message afaict.

Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2004-12-28 04:50:08 UTC
Robin: please apply patch and bump
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-01-07 03:46:59 UTC
patch in cvs now.
sparc,ppc,amd64,ppc64 need to mark stable.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-01-07 04:51:34 UTC
Thx Robin.
ppc, ppc64, sparc: please test and mark 0.36-r2 stable
Comment 5 Markus Rothe (RETIRED) gentoo-dev 2005-01-07 07:09:11 UTC
stable on ppc64
Comment 6 Lars Weiler (RETIRED) gentoo-dev 2005-01-08 11:56:17 UTC
stable on ppc.
Comment 7 Jason Wever (RETIRED) gentoo-dev 2005-01-09 09:30:03 UTC
Stable on sparc
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2005-01-10 01:17:20 UTC
GLSA 200501-13