Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 78251 - app-text/tetex: one more vulnerability in xpdf
Summary: app-text/tetex: one more vulnerability in xpdf
Status: RESOLVED DUPLICATE of bug 75801
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [wait] / 20050118
Keywords:
Depends on:
Blocks:
 
Reported: 2005-01-16 11:26 UTC by Thierry Carrez (RETIRED)
Modified: 2007-01-06 16:52 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
CAN-2005-0064.patch (CAN-2005-0064.patch,773 bytes, patch)
2005-01-16 11:27 UTC, Thierry Carrez (RETIRED) 		no flags Details | Diff
tetex-portage-overlay.tar.bz2 (tetex-portage-overlay.tar.bz2,9.37 KB, application/octet-stream)
2005-01-18 07:51 UTC, MATSUU Takuto (RETIRED) 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thierry Carrez (RETIRED) gentoo-dev 2005-01-16 11:26:36 UTC 
Hello usata & matsuu,
I know you are busy with our security bug 75801, but now there is one more xpdf vulnerability to patch. This is still confidential, so you just can't commit it to portage, but please improve on the ebuilds posted on bug 75801 and attach them here. We'll call for arch testing and try to be ready for disclosure date, on Jan 18. Maybe it's just better to attach a portage-overlay-tarball with all the files and ebuilds necessary to test.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-01-16 11:27:49 UTC 
Created attachment 48671 [details, diff]
CAN-2005-0064.patch

Patch on xpdf by RedHat.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-01-18 06:51:28 UTC 
Better wait for the upstream official patch...
Comment 3 MATSUU Takuto (RETIRED) gentoo-dev 2005-01-18 07:51:09 UTC 
Created attachment 48841 [details]
tetex-portage-overlay.tar.bz2
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-01-19 00:31:48 UTC 
Matsuu: I am sorry, it was discovered that the CAN-2005-0064.patch is not sufficient, and we should apply the official xpdf upstream patch. I regrouped all tetex security issue in bug 75801 now that they are all public.


*** This bug has been marked as a duplicate of 75801 ***