Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 221297 (CVE-2008-1693) - arbitrary code execution through crafted font object (CVE-2008-1693)
Summary: arbitrary code execution through crafted font object (CVE-2008-1693)
Status: RESOLVED DUPLICATE of bug 216850
Alias: CVE-2008-1693
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2008-05-11 09:47 UTC by Peter Alfredsen (RETIRED)
Modified: 2008-05-11 15:50 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

40_pdf2-embedded-font-fixes.diff (40_pdf2-embedded-font-fixes.diff,4.60 KB, patch)
2008-05-11 09:48 UTC, Peter Alfredsen (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Alfredsen (RETIRED) gentoo-dev 2008-05-11 09:47:47 UTC
Patch for poppler-0.6.3;a=commitdiff;h=1a531dcfee1c6fc79a414c38cbe7327fbf9a59d8
Debian bug:
Koffice fix attached, extracted from Ubuntu.

I can't really say what the scope of this vulnerability is, but it's worthy of a bug.
Comment 1 Peter Alfredsen (RETIRED) gentoo-dev 2008-05-11 09:48:45 UTC
Created attachment 152827 [details, diff]

Fix for koffice.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-05-11 15:50:36 UTC
We took care of the xpdf/poppler issue in bug 216850.

Please note that koffice and kpdf was not found to be vulnerable by us. The patches Ubuntu applied were only precautionary measures.

*** This bug has been marked as a duplicate of bug 216850 ***