Description: "Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor." Patch hint: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890#p42672 (Could be generated trivially).
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ab1a068d867bd08ed5377a7b5a8d9e3ec046b18 commit 6ab1a068d867bd08ed5377a7b5a8d9e3ec046b18 Author: Andrew Savchenko <bircoph@gentoo.org> AuthorDate: 2020-03-01 20:03:46 +0000 Commit: Andrew Savchenko <bircoph@gentoo.org> CommitDate: 2020-03-01 20:06:21 +0000 app-text/xpdf: fix CVE-2019-17064 Fix NULL pointer dereference by initializing field before use. https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890#p42672 Bug: https://bugs.gentoo.org/711146 Package-Manager: Portage-2.3.82, Repoman-2.3.20 Signed-off-by: Andrew Savchenko <bircoph@gentoo.org> app-text/xpdf/files/xpdf-CVE-2019-17064.patch | 24 +++++ app-text/xpdf/xpdf-4.02-r2.ebuild | 141 ++++++++++++++++++++++++++ 2 files changed, 165 insertions(+)
Arch teams, please stabilize app-text/xpdf-4.02-r2 containing CVE fix.
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa9c839a6550de397a577a9c6eca092badafe3f5 commit aa9c839a6550de397a577a9c6eca092badafe3f5 Author: Andrew Savchenko <bircoph@gentoo.org> AuthorDate: 2020-03-02 22:31:36 +0000 Commit: Andrew Savchenko <bircoph@gentoo.org> CommitDate: 2020-03-02 22:33:15 +0000 app-text/xpdf: remove old and vulnerable versions Bug: https://bugs.gentoo.org/711146 Package-Manager: Portage-2.3.82, Repoman-2.3.20 Signed-off-by: Andrew Savchenko <bircoph@gentoo.org> app-text/xpdf/xpdf-4.02-r1.ebuild | 140 -------------------------------------- app-text/xpdf/xpdf-4.02.ebuild | 113 ------------------------------ 2 files changed, 253 deletions(-)
GLSA Vote: No Thank you all for you work. Closing as [noglsa].
