Summary: | app-text/gpdf includes vulnerable xpdf again | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Thierry Carrez (RETIRED) <koon> | ||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | major | CC: | gnome | ||||||
Priority: | High | ||||||||
Version: | unspecified | ||||||||
Hardware: | All | ||||||||
OS: | All | ||||||||
Whiteboard: | A2 [glsa] koon | ||||||||
Package list: | Runtime testing required: | --- | |||||||
Attachments: |
|
Description
Thierry Carrez (RETIRED)
![]() Created attachment 48572 [details, diff]
xpdf-CAN-2005-0064.patch
Patch from RedHat. An official Xpdf patch will be available on Jan 18, but if
we can be ready before that, all the better.
Created attachment 48575 [details, diff]
diff between gpdf 2.8.1-r1 and 2.8.2
Gpdf also needs a bump to version 2.8.2 which includes the last security patch.
This is the diff between the 2.8.2 ebuild and 2.8.1-r1. I might not be
available very often this week, so somebody else may need to add it. Changed
the patched file location to xpdf/foo.cc so we can apply it from ${S}
Thanks joem. I suppose you keyworded it x86 because you tested it with success on that platform. obz: please test and report success on ppc kloeri: please test and report success on alpha absinthe: please test and report success on amd64 gustavoz: please test and report success on sparc sparc is happy, though the patch is still wrong (outside ${S}/xpdf), forgot to upload the corrected one? Alpha works. This should go public sometime today. Still missing amd64/ppc testing, adding kugelfang and SeJo to help. OK apparently this patch is not sufficient. We'll just wait for the upstream official patch... sorry for wasting your time, folks. Gnome team, please adapt gpdf-2.8.2 so that it makes use of official and public xpdf-3.00pl3.patch from bug 77888. Added an updated 2.8.2, marked stable on x86 and ppc. sparc-a-go-go. Alpha stable. Stable on mips. Stable on amd64. GLSA 200501-28 hppa, ia64 please mark stable to benefit from GLSA Already stable on hppa |