Your message dated Tue, 07 Aug 2007 04:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#435462: fixed in xpdf 3.02-1.1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: libpoppler1
Version: 0.5.4-6
Severity: grave
Tags: security
Justification: user security hole


A vulnerability has been found in libpoppler and related
packages. From CVE-2007-3387:

"Integer overflow in the StreamPredictor::StreamPredictor function in gpdf before
2.8.2, as used in (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics, (5) CUPS,
and other products, might allow remote attackers to execute arbitrary code via a
crafted PDF file."

Please mention the CVE id in the changelog.


--- End Message ---
--- Begin Message ---
Source: xpdf
Source-Version: 3.02-1.1

We believe that the bug you reported is fixed in the latest version of
xpdf, which is due to be installed in the Debian FTP archive:

xpdf-common_3.02-1.1_all.deb
  to pool/main/x/xpdf/xpdf-common_3.02-1.1_all.deb
xpdf-reader_3.02-1.1_amd64.deb
  to pool/main/x/xpdf/xpdf-reader_3.02-1.1_amd64.deb
xpdf-utils_3.02-1.1_amd64.deb
  to pool/main/x/xpdf/xpdf-utils_3.02-1.1_amd64.deb
xpdf_3.02-1.1.diff.gz
  to pool/main/x/xpdf/xpdf_3.02-1.1.diff.gz
xpdf_3.02-1.1.dsc
  to pool/main/x/xpdf/xpdf_3.02-1.1.dsc
xpdf_3.02-1.1_all.deb
  to pool/main/x/xpdf/xpdf_3.02-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <[EMAIL PROTECTED]> (supplier of updated xpdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 07 Aug 2007 14:00:34 +1000
Source: xpdf
Binary: xpdf-utils xpdf xpdf-reader xpdf-common
Architecture: source amd64 all
Version: 3.02-1.1
Distribution: unstable
Urgency: high
Maintainer: Hamish Moffatt <[EMAIL PROTECTED]>
Changed-By: Steffen Joeris <[EMAIL PROTECTED]>
Description: 
 xpdf       - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 435462
Changes: 
 xpdf (3.02-1.1) unstable; urgency=high
 .
   * Non-maintainer upload with permission of the maintainer
   * Fix integer overflow in the StreamPredictor::StreamPredictor
     function by adding post-3.5.7-kdegraphics-CVE-2007-3387.diff.dpatch
     (Closes: #435462) Fixes: CVE-2007-3387
Files: 
 409da82253c0a7a87900a934d28006f6 872 text optional xpdf_3.02-1.1.dsc
 4f417baf5dd6660ef7fabf7cdadccd13 32913 text optional xpdf_3.02-1.1.diff.gz
 a9c9d15d19e2159a2e964b4118069e79 1268 text optional xpdf_3.02-1.1_all.deb
 e7a7c4f25c03ed80a61638ed108d5955 66394 text optional xpdf-common_3.02-1.1_all.deb
 34a244bc8b17b4eac7e25ce8af9c3c97 909930 text optional xpdf-reader_3.02-1.1_amd64.deb
 6994b0e495a57116bccbc98bc7aac5a7 1684020 text optional xpdf-utils_3.02-1.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGt/DD62zWxYk/rQcRAm9uAJ4pu+KAjC86gkKxiIEyV9kJ9nyNGgCgpjLm
nBL0FyB3lnGbFMVU6Ldv4TI=
=m8cj
-----END PGP SIGNATURE-----


--- End Message ---
