Summary: | app-text/tetex: vulnerable xpdf and tmpfile vulns | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Thierry Carrez (RETIRED) <koon> | ||||||||||||||||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||||||||||||||||
Status: | RESOLVED FIXED | ||||||||||||||||||||||
Severity: | major | CC: | matsuu, ppc-macos, text-markup+disabled | ||||||||||||||||||||
Priority: | Highest | ||||||||||||||||||||||
Version: | unspecified | ||||||||||||||||||||||
Hardware: | All | ||||||||||||||||||||||
OS: | All | ||||||||||||||||||||||
Whiteboard: | A2 [glsa] koon | ||||||||||||||||||||||
Package list: | Runtime testing required: | --- | |||||||||||||||||||||
Attachments: |
|
Description
Thierry Carrez (RETIRED)
2004-12-27 08:11:34 UTC
Created attachment 46970 [details, diff]
xdvizilla.patch
xdvizilla tmpfile vulns patch, ripped from Ubuntu's diff.
text-markup team, please apply patches and bump. Mandrake Advisory: MDKSA-2004:166 Ubuntu Security Notice: USN-51-1 text-markup team: please apply patches and bump I don't have time to do this until 17 Jan. Sorry for that. (It includes several patches and we need to check tetex, ptex and cstetex) Could somebody else from text-markup team apply these patches? Mamoru: I tried to ask to other text-markup members but it seems only you can do it :/ If you know someone else please contact him/her and ask for help... since I didn't have much success asking for help myself. Created attachment 47932 [details]
tetex-2.0.2-r5.ebuild
Created attachment 47933 [details]
ptex-3.1.4-r2.ebuild
Created attachment 47937 [details]
cstetex-2.0.2-r1.ebuild
Matsuu: you're missing the CAN-2004-1125 fix. Something like app-text/pdftohtml/pdftohtml-xpdf-3.00pl2-CAN-2004-1125.patch should be applied too. Created attachment 48625 [details, diff]
xpdf-CESA-2004-007-xpdf2-newer.diff
Created attachment 48626 [details, diff]
xpdf-goo-sizet.patch
Created attachment 48627 [details, diff]
xpdf2-underflow.patch
Created attachment 48628 [details, diff]
xpdf-3.00pl2-CAN-2004-1125.patch
Created attachment 48629 [details]
tetex-2.0.2-r5.ebuild
Matsuu, you should commit new ebuilds in portage, as ~ Please also include xpdf-3.00pl3.patch from bug 77888 *** Bug 78251 has been marked as a duplicate of this bug. *** app-text/tetex-2.0.2-r5 app-text/cstetex-2.0.2-r1 app-text/ptex-3.1.4-r2 in cvs Target KEYWORDS: app-text/tetex-2.0.2-r5: alpha amd64 arm, hppa, ia64, mips, ppc, ppc64, ppc, macos, s390, sparc, x86 app-text/cstetex-2.0.2-r1: x86 app-text/ptex-3.1.4-r2: alpha, amd64, ppc, sparc, ppc64, ppc-macos, x86 archs, please mark stable. s/ppc, macos/ppc-macos/ app-text/tetex-2.0.2-r5 stable on amd64, I'll have to find someone else to test ptex Stable on alpha. all three done on x86 app-text/ptex-3.1.4-r2 and app-text/tetex-2.0.2-r5 stable on ppc64 Tetex good for sparc. Builds, installs, and creates correct output. I cannot comment on cstetex or ptex, and am leaving them for someone who knows what they are. tetex stable on mips. ptex doesn't build for me... :-/ i can't confirm kugelfang's issue, it works fine here so i marked it stable tetex and ptex stable on ppc. We just wait on sparc testing of ptex to issue the GLSA. ptex stable on sparc GLSA 200501-31 arm, hppa, ia64, ppc-macos, s390: please mark those stable to benefit from GLSA Already stable on hppa |