Your message dated Wed, 19 Jan 2005 15:55:43 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#291266: vulnerable to CAN-2005-0064 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Wed, 19 Jan 2005 13:55:06 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: vulnerable to CAN-2005-0064

Package: xpdf-reader
Version: 3.00-11
Severity: grave
Tags: patch security

xpdf is vulnerable to a buffer overflow that can be exploited by malicious pdfs to execute arbitrary code. The hole is described here:
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false

I've attached a patch that adds bounds checking to close the hole.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages xpdf depends on:
ii  xpdf-common    3.00-11          Portable Document Format (PDF) sui
ii  xpdf-reader    3.00-11          Portable Document Format (PDF) sui
ii  xpdf-utils     3.00-11          Portable Document Format (PDF) sui

Versions of packages xpdf-reader depends on:
ii  gsfonts        8.14+v8.11-0.1   Fonts for the Ghostscript interpre
ii  lesstif2       1:0.93.94-11     OSF/Motif 2.1 implementation relea
ii  libc6          2.3.2.ds1-20     GNU C Library: Shared libraries an
ii  libfreetype6   2.1.7-2.3        FreeType 2 font engine, shared lib
ii  libgcc1        1:3.4.3-7        GCC support library
ii  libice6        4.3.0.dfsg.1-10  Inter-Client Exchange library
ii  libpaper1      1.1.14-3         Library for handling paper charact
ii  libsm6         4.3.0.dfsg.1-10  X Window System Session Management
ii  libstdc++5     1:3.3.5-6        The GNU Standard C++ Library v3
ii  libt1-5        5.0.2-3          Type 1 font rasterizer library - r
ii  libx11-6       4.3.0.dfsg.1-10  X Window System protocol client li
ii  libxext6       4.3.0.dfsg.1-10  X Window System miscellaneous exte
ii  libxp6         4.3.0.dfsg.1-10  X Window System printing extension
ii  libxpm4        4.3.0.dfsg.1-10  X pixmap library
ii  libxt6         4.3.0.dfsg.1-10  X Toolkit Intrinsics
ii  xlibs          4.3.0.dfsg.1-10  X Keyboard Extension (XKB) configu
ii  xpdf-common    3.00-11          Portable Document Format (PDF) sui
ii  zlib1g         1:1.2.2-4        compression library - runtime

-- no debconf information

-- 
see shy jo

Attachment: xpdf-3.00pl3.patch

*** XRef.cc.orig Wed Jan 12 17:10:53 2005 --- XRef.cc Wed Jan 12 17:11:22 2005 *************** *** 793,798 **** --- 793,801 ---- } else { keyLength = 5; } + if (keyLength > 16) { + keyLength = 16; + } permFlags = permissions.getInt(); if (encVersion >= 1 && encVersion <= 2 && encRevision >= 2 && encRevision <= 3) {

---------------------------------------
Date: Wed, 19 Jan 2005 15:55:43 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Bug#291266: vulnerable to CAN-2005-0064

Martin Schulze wrote:
> Joey Hess wrote:
> > xpdf is vulnerable to a buffer overflow that can be exploited by
> > malicious pdfs to execute arbitrary code. The hole is described here:
> > http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false
> >
> > I've attached a patch that adds bounds checking to close the hole.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 3.00-12.
>
> It's in Incoming already.
>
> Just FYI.
>
> Regards,
>
> Joey
>
> --
> Ten years and still binary compatible. -- XFree86
>
> Please always Cc to me when replying to me on the lists.

-- 
see shy jo
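
Review bot: The new clamp after the `else { keyLength = 5; }` branch in XRef.cc bounds keyLength only from above; the visible lines set no lower bound, so if the branch before the `else` takes the value from the document, a zero or negative length would still pass through to whatever uses it. Suggest clamping both ends (for example `if (keyLength < 1) keyLength = 1;` next to the new check), and replacing the literal 16 with a named constant or a `sizeof` tied to the key buffer, so the bound cannot drift from the buffer size. It is also worth deciding whether an out-of-range length should be silently truncated, as here, or reported as a damaged file.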