> - Stack based buffer overflow, affecting poppler in the utils
> section (reported by Daniel Kahn Gillmor, fixed in poppler 0.24.2)
Please use CVE-2013-4473 for the Stack based buffer overflow
> - User controlled format string, affecting poppler in the utils
> section (reported by Daniel Kahn Gillmor and Pedro Ribeiro, fixed
> in poppler 0.24.3)
Please use CVE-2013-4474 for the User controlled format string
Now this one will need a libreoffice-bin rebuild...
arches, please test and mark stable:
target KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
(In reply to Mikle Kolyada from comment #3)
> arches, please test and mark stable:
> target KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
and its dependency
same targets... (note, -r1 and NOT -r2 which requires newer gs)
amd64 / x86 stable
*** Bug 490046 has been marked as a duplicate of this bug. ***
Stable for HPPA.
Re-adding alpha/arm/ppc/ppc64 for cups-filters
Format string vulnerability in the extractPages function in
utils/pdfseparate.cc in poppler before 024.2 allows remote attackers to
cause a denial of service (crash) via format string specifiers in a
Stack-based buffer overflow in the extractPages function in
utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code via a
Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
GLSA request filed
All vulnerable versions have been removed.
This issue was resolved and addressed in
GLSA 201401-21 at http://security.gentoo.org/glsa/glsa-201401-21.xml
by GLSA coordinator Sean Amoss (ackle).