Bug 75200 - app-text/pdftohtml is probably affected by new xpdf vuln
Summary: app-text/pdftohtml is probably affected by new xpdf vuln
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2004-12-21 09:06 UTC by Thierry Carrez (RETIRED)
Modified: 2005-01-10 01:17 UTC
Description Thierry Carrez (RETIRED) gentoo-dev 2004-12-21 09:06:38 UTC
pdftohtml includes xpdf code and therefore might be vulnerable to CAN-2004-1125.
Please see bug 75191 for the patch.

Robin, you did the last security bump, could you please look into it?
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2004-12-21 12:21:41 UTC
pdftohtml contains xpdf 2.02 and the vulnerability is verified for 3.00

Nevertheless the patch applies cleanly except for the last part (lines 1054,1060), which is just a slight change in an error message afaict.

Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2004-12-28 04:50:08 UTC
Robin: please apply patch and bump
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-01-07 03:46:59 UTC
patch in cvs now.
sparc,ppc,amd64,ppc64 need to mark stable.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-01-07 04:51:34 UTC
Thx Robin.
ppc, ppc64, sparc: please test and mark 0.36-r2 stable
Comment 5 Markus Rothe (RETIRED) gentoo-dev 2005-01-07 07:09:11 UTC
stable on ppc64
Comment 6 Lars Weiler (RETIRED) gentoo-dev 2005-01-08 11:56:17 UTC
stable on ppc.
Comment 7 Jason Wever (RETIRED) gentoo-dev 2005-01-09 09:30:03 UTC
Stable on sparc
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2005-01-10 01:17:20 UTC
GLSA 200501-13