Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 120985 - app-text/{poppler|xpdf} second Xpdf round this year aka splash handling heap overflow (CVE-2006-0301)
Summary: app-text/{poppler|xpdf} second Xpdf round this year aka splash handling heap ...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/bugzilla/...
Whiteboard: B2 [glsa] jaervosz
Keywords:
: 120451 (view as bug list)
Depends on:
Blocks:
 
Reported: 2006-01-30 14:21 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2019-12-12 21:54 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-30 14:21:07 UTC
PDF splash handling heap overflow

Dirk Mueller told vendor-sec about a buffer overflow issue in the xpdf
codebase when handling splash images.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-30 14:26:11 UTC
Printing/Gnome please provide updated ebuild.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-31 02:37:24 UTC
Further details here:

https://bugzilla.novell.com/show_bug.cgi?id=141242
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-31 02:39:12 UTC
*** Bug 120451 has been marked as a duplicate of this bug. ***
Comment 4 Stefan Schweizer (RETIRED) gentoo-dev 2006-02-03 11:14:02 UTC
latest kpdf-3.5.1 uses poppler now thanks to flameeyes

the bug was fixed in poppler-0.5.0-r3

and gpdf users should upgrade to evince whihc uses kpdf ;)

For xpdf I think we should patch it to use poppler, because no one of printing cares about it.
Comment 5 Stefan Schweizer (RETIRED) gentoo-dev 2006-02-03 15:43:20 UTC
gpdf seems to have beeen fixed independantly.

poppler has been fixed for this bug.
xpdf has been fixed for this bug.

app-text/poppler-0.5.0-r4
and
app-text/xpdf-3.01-r7
need to go stable for this bug.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-02-04 00:50:43 UTC
Gpdf is not fixed. Handling it on bug #120985 to start stable marking here.

Arches please test and mark stable.
Comment 7 René Nussbaumer (RETIRED) gentoo-dev 2006-02-04 08:19:24 UTC
Stable on hppa. There's a depends problem with ~s390 while commiting xpdf.
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-02-04 10:42:39 UTC
Sorry, correct gpdf bug #121511

Comment 9 Stefan Schweizer (RETIRED) gentoo-dev 2006-02-04 17:04:01 UTC
Please also mark poppler-bindings-0.5.0 stable, both poppler and poppler-bindings should have the same stable-version.
List of what needs to go stable:

app-text/poppler-0.5.0-r4
app-text/poppler-bindings-0.5.0
app-text/xpdf-3.01-r7
Comment 10 Jason Wever (RETIRED) gentoo-dev 2006-02-04 18:05:25 UTC
Packages in comment #9 stable on SPARC.
Comment 11 Simon Stelling (RETIRED) gentoo-dev 2006-02-05 02:54:18 UTC
all three stable on amd64
Comment 12 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2006-02-05 08:41:24 UTC
alpha stable
Comment 13 Tobias Scherbaum (RETIRED) gentoo-dev 2006-02-05 11:44:33 UTC
ppc stable
Comment 14 Markus Rothe (RETIRED) gentoo-dev 2006-02-05 23:41:56 UTC
stable on ppc64
Comment 15 Mark Loeser (RETIRED) gentoo-dev 2006-02-06 05:59:05 UTC
x86 done
Comment 16 Jeroen Roovers (RETIRED) gentoo-dev 2006-02-08 19:29:30 UTC
(In reply to comment #9)
> Please also mark poppler-bindings-0.5.0 stable, both poppler and
> poppler-bindings should have the same stable-version.
> List of what needs to go stable:
> 
> app-text/poppler-0.5.0-r4
> app-text/poppler-bindings-0.5.0
> app-text/xpdf-3.01-r7

Readding hppa. :-\
Comment 17 René Nussbaumer (RETIRED) gentoo-dev 2006-02-09 02:13:10 UTC
Stabalized also poppler-bindings. Because of hppa was not readded by bug-change so  there is this delay.
Comment 18 Thierry Carrez (RETIRED) gentoo-dev 2006-02-12 09:40:35 UTC
GLSA 200602-04