| Summary: | app-office/koffice includes vulnerable xpdf again | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | kde, soulse |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| URL: | http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities | | |
| Whiteboard: | B2 [glsa] jaervosz | | |
| Package list: | | Runtime testing required: | --- |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-01-18 22:19:34 UTC
KDE team, please bump koffice. Upstream patch is available on bug #77888.

<<< koffice-1.3.5-r2.ebuild herds, please mark stable - would be nice to have it in 2005.0

Created attachment 49045
Patch
According to an email from Waldo Bastian, this is the preferred fix for
koffice's xpdf problem.

Back to ebuild. KDE please decide which patch you want to use.

"Both patches fix the same issue. The koffice patch doesn't seem to handle the keyLength == 0 case though. The koffice patch is the patch that went into xpdf upstream." is exactly what he said. The question is, if we need to revise the patch for that reason. If it doesn't matter from the functionality and security perspective, it would only be an issue, if we have another problem, which needs to be patched. Also this affects all ebuilds, which apply the CAN-2005-0064.patch, not only koffice.

Thx Carsten, that will be your headache on the next xpdf vulnerability :-)

Arches please test and mark stable.

stable on ppc64

amd64 done

Stable on ppc.

sparc stable.

Stable on alpha.

*** Bug 79135 has been marked as a duplicate of this bug. ***

GLSA 200501-32