Hi,

On Tue, Sep 25, 2007 at 10:56:08PM +1000, Steffen Joeris wrote:
> Package: kdegraphics
> Version: 4:3.5.7-3
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for xpdf.
>
> CVE-2007-5049[0]:
> | Stack-based buffer overflow in the StreamPredictor::getNextLine
> | function in xpdf, as used in (1) poppler before 0.5.91, (2) gpdf, (3)
> | kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow
> | remote attackers to execute arbitrary code via a crafted PDF file, a
> | different vulnerability than CVE-2007-3387.
>
> If you fix this vulnerability please also include the CVE id
> in your changelog entry.
>
> You can find a patch on:
> ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch

Am I overlooking something? Because that patch changes the same code as the patch:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.7-kdegraphics-CVE-2007-3387.diff
applied to fix CVE-2007-3387

Ana