Bug 78251

Summary:

app-text/tetex: one more vulnerability in xpdf

Product:

Gentoo Security

Reporter:

Thierry Carrez (RETIRED) <koon>

Component:

Vulnerabilities

Assignee:

Gentoo Security <security>

Status:

RESOLVED DUPLICATE

Severity:

major

CC:

matsuu, usata

Priority:

High

Version:

unspecified

Hardware:

All

OS:

All

Whiteboard:

A2 [wait] / 20050118

Package list:

Runtime testing required:

---

Attachments:

Description	Flags
CAN-2005-0064.patch	none
tetex-portage-overlay.tar.bz2	none

Description Thierry Carrez (RETIRED) gentoo-dev

2005-01-16 11:26:36 UTC

Hello usata & matsuu,
I know you are busy with our security bug 75801, but now there is one more xpdf vulnerability to patch. This is still confidential, so you just can't commit it to portage, but please improve on the ebuilds posted on bug 75801 and attach them here. We'll call for arch testing and try to be ready for disclosure date, on Jan 18. Maybe it's just better to attach a portage-overlay-tarball with all the files and ebuilds necessary to test.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-01-16 11:27:49 UTC

Created attachment 48671 [details, diff]
CAN-2005-0064.patch

Patch on xpdf by RedHat.

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2005-01-18 06:51:28 UTC

Better wait for the upstream official patch...

Comment 3 MATSUU Takuto (RETIRED) gentoo-dev

2005-01-18 07:51:09 UTC

Created attachment 48841 [details]
tetex-portage-overlay.tar.bz2

Comment 4 Thierry Carrez (RETIRED) gentoo-dev

2005-01-19 00:31:48 UTC

Matsuu: I am sorry, it was discovered that the CAN-2005-0064.patch is not sufficient, and we should apply the official xpdf upstream patch. I regrouped all tetex security issue in bug 75801 now that they are all public.


*** This bug has been marked as a duplicate of 75801 ***