Your message dated Thu, 27 Sep 2007 10:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#443903: fixed in poppler 0.5.4-6.2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: poppler
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for poppler.

CVE-2007-5049[0]:
| Stack-based buffer overflow in the StreamPredictor::getNextLine
| function in xpdf, as used in (1) poppler before 0.5.91, (2) gpdf, (3)
| kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow
| remote attackers to execute arbitrary code via a crafted PDF file, a
| different vulnerability than CVE-2007-3387.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

You can find a patch on:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5049

Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: poppler
Source-Version: 0.5.4-6.2
We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive:
libpoppler-dev_0.5.4-6.2_i386.deb
to pool/main/p/poppler/libpoppler-dev_0.5.4-6.2_i386.deb
libpoppler-glib-dev_0.5.4-6.2_i386.deb
to pool/main/p/poppler/libpoppler-glib-dev_0.5.4-6.2_i386.deb
libpoppler-glib1_0.5.4-6.2_i386.deb
to pool/main/p/poppler/libpoppler-glib1_0.5.4-6.2_i386.deb
libpoppler-qt-dev_0.5.4-6.2_i386.deb
to pool/main/p/poppler/libpoppler-qt-dev_0.5.4-6.2_i386.deb
libpoppler-qt1_0.5.4-6.2_i386.deb
to pool/main/p/poppler/libpoppler-qt1_0.5.4-6.2_i386.deb
libpoppler-qt4-1_0.5.4-6.2_i386.deb
to pool/main/p/poppler/libpoppler-qt4-1_0.5.4-6.2_i386.deb
libpoppler-qt4-dev_0.5.4-6.2_i386.deb
to pool/main/p/poppler/libpoppler-qt4-dev_0.5.4-6.2_i386.deb
libpoppler1_0.5.4-6.2_i386.deb
to pool/main/p/poppler/libpoppler1_0.5.4-6.2_i386.deb
poppler-utils_0.5.4-6.2_i386.deb
to pool/main/p/poppler/poppler-utils_0.5.4-6.2_i386.deb
poppler_0.5.4-6.2.diff.gz
to pool/main/p/poppler/poppler_0.5.4-6.2.diff.gz
poppler_0.5.4-6.2.dsc
to pool/main/p/poppler/poppler_0.5.4-6.2.dsc
A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated poppler package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 26 Sep 2007 18:40:41 +0200
Source: poppler
Binary: libpoppler-glib-dev poppler-utils libpoppler-qt4-dev libpoppler-qt1 libpoppler1 libpoppler-glib1 libpoppler-qt4-1 libpoppler-dev libpoppler-qt-dev
Architecture: source i386
Version: 0.5.4-6.2
Distribution: unstable
Urgency: high
Maintainer: Ondřej Surý <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-glib1 - PDF rendering library (GLib-based shared library)
 libpoppler-qt-dev - PDF rendering library -- development files (Qt 3 interface)
 libpoppler-qt1 - PDF rendering library (Qt 3 based shared library)
 libpoppler-qt4-1 - PDF rendering library (Qt 4 based shared library)
 libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface)
 libpoppler1 - PDF rendering library
 poppler-utils - PDF utilitites (based on libpoppler)
Closes: 443903
Changes:
poppler (0.5.4-6.2) unstable; urgency=high
.
* Non-maintainer upload by testing security team.
* Renamed CVE-2007-3387.patch to CVE-2007-3387_2007-5049.patch
and fix a buffer overflow in StreamPredictor::getNextLine
as well (CVE-2007-5049) (Closes: #443903).
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG+37PHYflSXNkfP8RAtpLAJ9ziln/xaUd6SoTMKgWBlasn4dy6gCgoOqR
az3uuaJpW4qVvEq7Pp9aJqU=
=H4eA
-----END PGP SIGNATURE-----
--- End Message ---