Bug 264601 - *TeX Xpdf JBIG2 Multiple vulnerabilities (CVE-2009-{0146,0147,0165,0166})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa]
Keywords:
Depends on: CVE-2009-0146
Blocks:
Reported: 2009-04-02 10:48 UTC by Robert Buchholz (RETIRED)
Modified: 2014-12-12 01:02 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2009-04-02 10:48:09 UTC
** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

Multiple vulnerabilities have been discovered in Xpdf as shipped in
* app-text/tetex
* app-text/texlive-core
* app-text/ptex

Note we also have bug 264598 open, but waiting for a patch. Please find Xpdf patches in the blocking bug.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-04-02 11:04:37 UTC
teTeX removal via bug 227443.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-04-04 12:26:58 UTC
embargo has been pushed back to 2009-04-16.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-04-25 12:37:48 UTC
TeX herd, please provide updates to the supported TeX distributions.

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch
Comment 4 Alexis Ballier gentoo-dev 2009-04-29 22:34:22 UTC
(In reply to comment #3)
> TeX herd, please provide updates to the supported TeX distributions.
> 
> ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch

tl-core-2008-r5 has the patch.
There is still that bibtex issue standing, but since I've yet to see a patch I've preferred to stop waiting and push that one first.
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2009-04-30 08:54:17 UTC
Arches, please test and mark stable:
=app-text/texlive-core-2008-r5
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2009-05-01 12:49:17 UTC
Stable for HPPA.
Comment 7 Markus Meier gentoo-dev 2009-05-01 14:10:26 UTC
amd64/x86 stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2009-05-03 11:13:58 UTC
alpha/arm/ia64/s390/sh/sparc stable
Comment 9 Brent Baude (RETIRED) gentoo-dev 2009-05-03 12:54:32 UTC
ppc64 done
Comment 10 Brent Baude (RETIRED) gentoo-dev 2009-05-03 12:54:37 UTC
ppc done
Comment 11 Tobias Heinlein (RETIRED) gentoo-dev 2009-05-03 18:49:16 UTC
GLSA request filed.
Comment 12 Johannes Huber (RETIRED) gentoo-dev 2012-05-17 13:19:02 UTC
Thank you all. TeX herd has nothing to do here anymore. Removing from CC.
Comment 13 Sean Amoss (RETIRED) gentoo-dev Security 2014-12-12 01:02:54 UTC
This was fixed prior to 2010 years ago and will not receive a GLSA.