Your message dated Fri, 03 Jul 2009 19:54:13 +0000
with message-id <e1mmopp-0008kk...@ries.debian.org>
and subject line Bug#524809: fixed in xpdf 3.01-9.1+etch6
has caused the Debian Bug report #524809,
regarding xpdf: multiple vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
524809: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: cups
severity: grave
tags: security
Hello,
Red Hat recently patched the following cups [0], xpdf [1], and
kdegraphics [2] issues:
CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0799,
CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181,
CVE-2009-1182, CVE-2009-1183
these are still reserved in the CVE list, but are disclosed at NVD.
[0] https://rhn.redhat.com/errata/RHSA-2009-0429.html
[1] https://rhn.redhat.com/errata/RHSA-2009-0430.html
[2] https://rhn.redhat.com/errata/RHSA-2009-0431.html
--- End Message ---
--- Begin Message ---
Source: xpdf
Source-Version: 3.01-9.1+etch6
We believe that the bug you reported is fixed in the latest version of
xpdf, which is due to be installed in the Debian FTP archive:
xpdf-common_3.01-9.1+etch6_all.deb
to pool/main/x/xpdf/xpdf-common_3.01-9.1+etch6_all.deb
xpdf-reader_3.01-9.1+etch6_amd64.deb
to pool/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_amd64.deb
xpdf-utils_3.01-9.1+etch6_amd64.deb
to pool/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_amd64.deb
xpdf_3.01-9.1+etch6.diff.gz
to pool/main/x/xpdf/xpdf_3.01-9.1+etch6.diff.gz
xpdf_3.01-9.1+etch6.dsc
to pool/main/x/xpdf/xpdf_3.01-9.1+etch6.dsc
xpdf_3.01-9.1+etch6_all.deb
to pool/main/x/xpdf/xpdf_3.01-9.1+etch6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 524...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <giuse...@iuculano.it> (supplier of updated xpdf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 02 May 2009 14:12:12 +0200
Source: xpdf
Binary: xpdf-utils xpdf xpdf-reader xpdf-common
Architecture: source amd64 all
Version: 3.01-9.1+etch6
Distribution: oldstable-security
Urgency: high
Maintainer: no...@debian.org
Changed-By: Giuseppe Iuculano <giuse...@iuculano.it>
Description:
xpdf - Portable Document Format (PDF) suite
xpdf-common - Portable Document Format (PDF) suite -- common files
xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 524809
Changes:
xpdf (3.01-9.1+etch6) oldstable-security; urgency=high
.
* Non-maintainer upload.
* This update fixes various security issues (Closes: #524809):
- CVE-2009-0146: Multiple buffer overflows in the JBIG2 decoder in Xpdf
3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
remote attackers to cause a denial of service (crash) via a crafted PDF
file, related to (1) JBIG2SymbolDict::setBitmap and (2)
JBIG2Stream::readSymbolDictSeg.
- CVE-2009-0147: Multiple integer overflows in the JBIG2 decoder in Xpdf
3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
remote attackers to cause a denial of service (crash) via a crafted PDF
file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
- CVE-2009-0165: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, as used in Poppler and other products, when running on Mac OS X,
has unspecified impact, related to "g*allocn."
- CVE-2009-0166: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, and other products allows remote attackers to cause a denial
of service (crash) via a crafted PDF file that triggers a free of
uninitialized memory.
- CVE-2009-0799: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
that triggers an out-of-bounds read.
- CVE-2009-0800: Multiple "input validation flaws" in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,
and other products allow remote attackers to execute arbitrary code via
a crafted PDF file.
- CVE-2009-1179: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
allows remote attackers to execute arbitrary code via a crafted PDF file.
- CVE-2009-1180: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, Poppler before 0.10.6, and other products allows remote
attackers to execute arbitrary code via a crafted PDF file that triggers
a free of invalid data.
- CVE-2009-1181: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (crash) via a crafted PDF file that
triggers a NULL pointer dereference.
- CVE-2009-1182: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf
3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
other products allow remote attackers to execute arbitrary code via a
crafted PDF file.
- CVE-2009-1183: The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS
1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (infinite loop and hang) via a
crafted PDF file.
Files:
9c04059981f8b036d7e6e39c7f0aeb21 974 text optional xpdf_3.01-9.1+etch6.dsc
c69a67b9ff487403e7c3ff819c6ff734 46835 text optional xpdf_3.01-9.1+etch6.diff.gz
d6da8e00b02ab3f17ec44b90fff6bb30 1278 text optional xpdf_3.01-9.1+etch6_all.deb
dd8f37161c3b2430cb1cd65c911e9f86 62834 text optional xpdf-common_3.01-9.1+etch6_all.deb
171520d7642019943bfe7166876f5da5 809202 text optional xpdf-reader_3.01-9.1+etch6_amd64.deb
9575f135e9ec312f9e6d7d2517dd8f5b 1493308 text optional xpdf-utils_3.01-9.1+etch6_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ/3IeYrVLjBFATsMRAkolAJ9EgMM8LxG3Hrnuaee7DtcGvjeuXACfa0Nq
To8Llx9RAjN+9FpltmxpS80=
=ysF6
-----END PGP SIGNATURE-----
--- End Message ---
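Several of the changelog entries above (CVE-2009-0147, CVE-2009-0165 and its "g*allocn" reference) are integer overflows in a decoder's count-times-element-size allocation arithmetic. The following is an added illustration, not xpdf's or Debian's code: a checked array allocator of the kind such fixes introduce, with the function names (`checked_size`, `checked_allocn`, `alloc_symbol_table`) and the symbol-table use case being this example's own assumptions about the pattern, not identifiers from the xpdf source.

```c
/* Added example, not xpdf code: overflow-checked allocation of
 * "n objects of size s", the arithmetic behind the g*allocn fixes
 * listed in the changelog. A JBIG2 decoder derives n from segment
 * headers in the input; if n * s wraps, the buffer is too small and
 * later element writes run off the end of the heap block. */
#include <stdint.h>
#include <stdlib.h>

/* Returns 1 and stores n_objs * obj_size in *out if the product fits in
 * size_t; returns 0 and leaves *out untouched if it would wrap. */
int checked_size(size_t n_objs, size_t obj_size, size_t *out)
{
    if (obj_size != 0 && n_objs > SIZE_MAX / obj_size)
        return 0;                      /* division-based check: no wrap */
    *out = n_objs * obj_size;
    return 1;
}

/* Allocate n_objs elements of obj_size bytes. On overflow, returns NULL
 * and sets *err = 1 so the caller can reject the segment rather than
 * continue with a truncated buffer. Zero-sized requests return NULL with
 * *err = 0 (nothing to allocate). */
void *checked_allocn(size_t n_objs, size_t obj_size, int *err)
{
    size_t total;
    *err = 0;
    if (n_objs == 0 || obj_size == 0)
        return NULL;
    if (!checked_size(n_objs, obj_size, &total)) {
        *err = 1;                      /* attacker-controlled count wrapped */
        return NULL;
    }
    return calloc(1, total);           /* zero-filled, no stale heap data */
}

/* Hypothetical caller: a table of num_syms pointers, as a symbol
 * dictionary reader might allocate from a count read off the wire.
 * Returns NULL on overflow or allocation failure. */
void **alloc_symbol_table(uint32_t num_syms, int *err)
{
    return (void **)checked_allocn((size_t)num_syms, sizeof(void *), err);
}

int main(void)
{
    int err;
    void **tab = alloc_symbol_table(16, &err);
    free(tab);
    return (tab != NULL && err == 0) ? 0 : 1;
}
```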