hi, there is a vuln in xpdf. no time to look closely at it yet, but i will add the proposed patch. disclosure is early net week. Any clues which packages are also affected or may potentially share the same code?
printing herd, i'll post the proposed patch to this bug. please provide fixed ebuilds and attach them here, do not commit anything, since this is secret for the time being.
Created attachment 124764 [details, diff] proposed upstream patch
Herds are no good on restricted bugs. CC'ing genstef instead.
public now. Genstef/printing, any news here?
we still dont use xpdf, we only use poppler. So it would be cool to get a poppler patch and know if poppler is even affected :)
yes, poppler is affected. so are gpdf, cups, kpdf (kdegraphics), tetex, and anything else which includes xpdf code
Can't compile it myself, but gnustep-libs/pdfkit has xpdf-3.0 (resp. 3.01) code included and is a potential, too. Is that package actually still vulnerable to bug #114428 ?
All XPDF code forks have their own bug and are fixed, one way or another. Closing.