Bug#443903: marked as done (CVE-2007-5049 stack based buffer overflow)

Wed, 03 Oct 2007 08:41:13 -0700 

Your message dated Wed, 03 Oct 2007 15:26:34 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#443903: fixed in poppler 0.6-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: poppler
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for poppler.

CVE-2007-5049[0]:
| Stack-based buffer overflow in the StreamPredictor::getNextLine
| function in xpdf, as used in (1) poppler before 0.5.91, (2) gpdf, (3)
| kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow
| remote attackers to execute arbitrary code via a crafted PDF file, a
| different vulnerability than CVE-2007-3387.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

You can find a patch on:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5049

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpfHLeNyLJPs.pgp
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Source: poppler
Source-Version: 0.6-1

We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive:

libpoppler-dev_0.6-1_amd64.deb
  to pool/main/p/poppler/libpoppler-dev_0.6-1_amd64.deb
libpoppler-glib-dev_0.6-1_amd64.deb
  to pool/main/p/poppler/libpoppler-glib-dev_0.6-1_amd64.deb
libpoppler-glib2_0.6-1_amd64.deb
  to pool/main/p/poppler/libpoppler-glib2_0.6-1_amd64.deb
libpoppler-qt-dev_0.6-1_amd64.deb
  to pool/main/p/poppler/libpoppler-qt-dev_0.6-1_amd64.deb
libpoppler-qt2_0.6-1_amd64.deb
  to pool/main/p/poppler/libpoppler-qt2_0.6-1_amd64.deb
libpoppler-qt4-2_0.6-1_amd64.deb
  to pool/main/p/poppler/libpoppler-qt4-2_0.6-1_amd64.deb
libpoppler-qt4-dev_0.6-1_amd64.deb
  to pool/main/p/poppler/libpoppler-qt4-dev_0.6-1_amd64.deb
libpoppler2_0.6-1_amd64.deb
  to pool/main/p/poppler/libpoppler2_0.6-1_amd64.deb
poppler-utils_0.6-1_amd64.deb
  to pool/main/p/poppler/poppler-utils_0.6-1_amd64.deb
poppler_0.6-1.diff.gz
  to pool/main/p/poppler/poppler_0.6-1.diff.gz
poppler_0.6-1.dsc
  to pool/main/p/poppler/poppler_0.6-1.dsc
poppler_0.6.orig.tar.gz
  to pool/main/p/poppler/poppler_0.6.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <[EMAIL PROTECTED]> (supplier of updated poppler package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 28 Sep 2007 14:09:08 +0200
Source: poppler
Binary: libpoppler-qt2 libpoppler-glib-dev poppler-utils libpoppler-qt4-dev 
libpoppler2 libpoppler-qt4-2 libpoppler-glib2 libpoppler-dev libpoppler-qt-dev
Architecture: source amd64
Version: 0.6-1
Distribution: experimental
Urgency: low
Maintainer: Ondřej Surý <[EMAIL PROTECTED]>
Changed-By: Ondřej Surý <[EMAIL PROTECTED]>
Description: 
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib 
interface)
 libpoppler-glib2 - PDF rendering library (GLib-based shared library)
 libpoppler-qt-dev - PDF rendering library -- development files (Qt 3 interface)
 libpoppler-qt2 - PDF rendering library (Qt 3 based shared library)
 libpoppler-qt4-2 - PDF rendering library (Qt 4 based shared library)
 libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 
interface)
 libpoppler2 - PDF rendering library
 poppler-utils - PDF utilitites (based on libpoppler)
Closes: 429700 441012 443903
Changes: 
 poppler (0.6-1) experimental; urgency=low
 .
   * Upload to experimental to allow library transition testing
   * New upstream release. (Closes: #429700)
     - merged changes from Ubuntu, courtesy of Sebastien Bacher <[EMAIL 
PROTECTED]>
     - Fix security issue MOAB-06-01-2007
     - Fix security issue CVE-2007-3387
     - Fix security issue CVE-2007-5049 (Closes: #443903)
   * debian/watch:
     - update (Closes: #441012)
   * debian/control, debian/libpoppler2.install, 
debian/libpoppler-glib2.install,
     debian/libpoppler-qt2.install, debian/libpoppler-qt4-2.install,
     debian/rules:
     - updated for soname change
   * debian/libpoppler-glib-dev.install:
     - install new test-poppler-glib
   * debian/patches/002_CVE-2006-0301.patch:
     - dropped, deprecated by the upstream changes
   * debian/patches/003_glib-2.0-configure.patch:
   * debian/patches/004_CVE-2007-0104.patch:
   * debian/patches/005_fix_inverted_text_from_bug_8944.patch:
     - dropped, fixed with the new version
   * debian/patches/006_pthreads_ldflags.patch:
     - updated
Files: 
 596030169d152d5343a3e8eda6d56477 1076 devel optional poppler_0.6-1.dsc
 96883867572aa1e55e979ec75369c562 1228142 devel optional poppler_0.6.orig.tar.gz
 ee61d2db589b43ac24f3d4010f5f4867 7513 devel optional poppler_0.6-1.diff.gz
 aebf0a6881ddeef3bccf9145fd6c9d15 677298 libs optional 
libpoppler2_0.6-1_amd64.deb
 876c4555dd2c7b49fb272e5177f51ad7 931510 libdevel optional 
libpoppler-dev_0.6-1_amd64.deb
 16722796b6a565eba53b0750249009c0 100510 libs optional 
libpoppler-glib2_0.6-1_amd64.deb
 dc12ef472e25555b5a1e814f3c931114 155264 libdevel optional 
libpoppler-glib-dev_0.6-1_amd64.deb
 debe6d6f9cff1ddfe57eab3136c9d0d1 71724 libs optional 
libpoppler-qt2_0.6-1_amd64.deb
 ecbb5def8b1a2c3f101841cc51af9c96 79184 libdevel optional 
libpoppler-qt-dev_0.6-1_amd64.deb
 25a01e179a4df0b2f020def8e72ee212 193600 libs optional 
libpoppler-qt4-2_0.6-1_amd64.deb
 adeaa3e679c3deee50f9dae682e8e38e 232048 libdevel optional 
libpoppler-qt4-dev_0.6-1_amd64.deb
 01bcdf98b94174b37f6b5889b7d3a962 123948 utils optional 
poppler-utils_0.6-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG/PAP9OZqfMIN8nMRArkEAJ0UGTqlwHlPYbeUM5q2cJPWGY5M9ACglUeQ
ByIlnplIYojrYo0h2+KXN0A=
=/7dO
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to