Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 264601 - *TeX Xpdf JBIG2 Multiple vulnerabilities (CVE-2009-{0146,0147,0165,0166})
Summary: *TeX Xpdf JBIG2 Multiple vulnerabilities (CVE-2009-{0146,0147,0165,0166})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa]
Keywords:
Depends on: CVE-2009-0146
Blocks:
  Show dependency tree
 
Reported: 2009-04-02 10:48 UTC by Robert Buchholz (RETIRED)
Modified: 2014-12-12 01:02 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2009-04-02 10:48:09 UTC
** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

Multiple vulnerabilities have been discovered in Xpdf as shipped in
* app-text/tetex
* app-text/texlive-core
* app-text/ptex

Note we also have bug 264598 open, but waiting for a patch. Please find Xpdf patches in the blocking bug.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-04-02 11:04:37 UTC
teTeX removal via bug 227443.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-04-04 12:26:58 UTC
embargo has been pushed back to 2009-04-16.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-04-25 12:37:48 UTC
TeX herd, please provide updates to the supported TeX distribtuions.

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch
Comment 4 Alexis Ballier gentoo-dev 2009-04-29 22:34:22 UTC
(In reply to comment #3)
> TeX herd, please provide updates to the supported TeX distribtuions.
> 
> ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch

tl-core-2008-r5 has the patch.
There is still that bibtex issue standing but since i've yet to see a patch i've prefered to stop waiting and push that one first.
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2009-04-30 08:54:17 UTC
Arches, please test and mark stable:
=app-text/texlive-core-2008-r5
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 6 Jeroen Roovers gentoo-dev 2009-05-01 12:49:17 UTC
Stable for HPPA.
Comment 7 Markus Meier gentoo-dev 2009-05-01 14:10:26 UTC
amd64/x86 stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2009-05-03 11:13:58 UTC
alpha/arm/ia64/s390/sh/sparc stable
Comment 9 Brent Baude (RETIRED) gentoo-dev 2009-05-03 12:54:32 UTC
ppc64 done
Comment 10 Brent Baude (RETIRED) gentoo-dev 2009-05-03 12:54:37 UTC
ppc done
Comment 11 Tobias Heinlein (RETIRED) gentoo-dev 2009-05-03 18:49:16 UTC
GLSA request filed.
Comment 12 Johannes Huber gentoo-dev 2012-05-17 13:19:02 UTC
Thank you all. TeX herd has nothing to do here anymore. Removing from CC.
Comment 13 Sean Amoss gentoo-dev Security 2014-12-12 01:02:54 UTC
This was fixed prior to 2010 years ago and will not receive a GLSA.