Your message dated Sun, 04 Apr 2010 09:26:36 +0000
with message-id <e1nym6g-0002om...@ries.debian.org>
and subject line Bug#551287: fixed in xpdf 3.02-2
has caused the Debian Bug report #551287,
regarding xpdf: Security patch Xpdf 3.02pl4 released 2009-oct-14
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
551287: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xpdf-reader
Version: 3.02-1.4+lenny1
Severity: grave
Tags: security
Justification: user security hole

Seems to me that Debian needs to update xpdf to 3.02pl4
as released 14 Oct 2009. See also:

Xpdf - Integer overflow which causes heap overflow and NULL pointer dereference.
http://www.securityfocus.com/archive/1/507261

Thanks,

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.12-svr (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages xpdf depends on:
ii  xpdf-common              3.02-1.4+lenny1 Portable Document Format (PDF) sui
ii  xpdf-reader              3.02-1.4+lenny1 Portable Document Format (PDF) sui
ii  xpdf-utils               3.02-1.4+lenny1 Portable Document Format (PDF) sui

xpdf recommends no packages.

xpdf suggests no packages.

Versions of packages xpdf-reader depends on:
ii  gsfonts       1:8.11+urwcyr1.0.7~pre44-3 Fonts for the Ghostscript interpre
ii  lesstif2      1:0.95.0-2.1               OSF/Motif 2.1 implementation relea
ii  libc6         2.7-18                     GNU C Library: Shared libraries
ii  libfreetype6  2.3.7-2+lenny1             FreeType 2 font engine, shared lib
ii  libgcc1       1:4.3.2-1.1                GCC support library
ii  libice6       2:1.0.4-1                  X11 Inter-Client Exchange library
ii  libpaper1     1.1.23+nmu1                library for handling paper charact
ii  libsm6        2:1.0.3-2                  X11 Session Management library
ii  libstdc++6    4.3.2-1.1                  The GNU Standard C++ Library v3
ii  libt1-5       5.1.2-3                    Type 1 font rasterizer library - r
ii  libx11-6      2:1.1.5-2                  X11 client-side library
ii  libxext6      2:1.0.4-1                  X11 miscellaneous extension librar
ii  libxp6        1:1.0.0.xsf1-2             X Printing Extension (Xprint) clie
ii  libxpm4       1:3.5.7-1                  X11 pixmap library
ii  libxt6        1:1.0.5-3                  X11 toolkit intrinsics library
ii  xpdf-common   3.02-1.4+lenny1            Portable Document Format (PDF) sui

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: xpdf
Source-Version: 3.02-2

We believe that the bug you reported is fixed in the latest version of
xpdf, which is due to be installed in the Debian FTP archive:

xpdf-common_3.02-2_all.deb
  to main/x/xpdf/xpdf-common_3.02-2_all.deb
xpdf-reader_3.02-2_amd64.deb
  to main/x/xpdf/xpdf-reader_3.02-2_amd64.deb
xpdf-utils_3.02-2_amd64.deb
  to main/x/xpdf/xpdf-utils_3.02-2_amd64.deb
xpdf_3.02-2.debian.tar.gz
  to main/x/xpdf/xpdf_3.02-2.debian.tar.gz
xpdf_3.02-2.dsc
  to main/x/xpdf/xpdf_3.02-2.dsc
xpdf_3.02-2_all.deb
  to main/x/xpdf/xpdf_3.02-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 551...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <michael.s.gilb...@gmail.com> (supplier of updated xpdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 02 Apr 2010 17:40:49 -0400
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: source all amd64
Version: 3.02-2
Distribution: unstable
Urgency: high
Maintainer: Michael Gilbert <michael.s.gilb...@gmail.com>
Changed-By: Michael Gilbert <michael.s.gilb...@gmail.com>
Description: 
 xpdf       - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 408502 424178 424747 458763 495150 515495 527840 528807 535261 551287 558020 575779
Changes: 
 xpdf (3.02-2) unstable; urgency=high
 .
   [Michael Gilbert]
   * Fix multiple security issues (closes: #551287, #575779).
     - CVE-2009-1188: Integer overflow in the JBIG2 decoding feature in the
       SplashBitmap::SplashBitmap function in SplashBitmap.cc.
     - CVE-2009-3603: Additional integer overflows in the
       SplashBitmap::SplashBitmap function.
     - CVE-2009-3604: Null pointer dereference in the Splash::drawImage
       function in Splash.cc.
     - CVE-2009-3606: Integer overflow in the PSOutputDev::doImageL1Sep
       function in PSOutputDev.cc.
     - CVE-2009-3608: Integer overflow in the ObjectStream::ObjectStream
       function in XRef.cc.
     - CVE-2009-3609: Integer overflow in the ImageStream::ImageStream
       function in Stream.cc.
   * Bump standards version to 3.8.4 (no changes required).
   * Use ${misc:Depends}.
   * Adopt the package (closes: #535261, #527840).
 .
   [Rogério Brito]
   * debian/copyright:
     + include versioned link to the GPL.
   * debian/*
     + convert to source format "3.0 (quilt)".
   * debian/{control,compat}:
     + bump compat to 5.
   * debian/control:
     + remove dpatch build-dep and calls in debian/rules.
     + include Homepage field.
     + build-depend on unversioned automake.
     + build-depend on versioned lesstif.
     + wrap build-depends line to keep sanity.
     + change build-dependency on x-dev to x11proto-core-dev. (Closes: #515495).
     + remove debian revision from versioned build-deps.
     + update standards-version to 3.8.3, with no extra changes required.
   * debian/rules:
     + remove commented lines.
     + fix the includes for lesstif. (See below).
     + remove deprecated dh_desktop helper.
     + don't ignore errors when calling "make -i distclean".
     + separate configuration from package compilation to keep things tidy.
     + don't remove recursively things that are only files.
   * debian/patches:
     + rename 00list to series.
     + disable patches 40 and 41, lesstif is fixed. (Closes: #458763, #528807).
     + refresh enabled patches to avoid potential problems with buildds.
     + escape minus signs from manpages.
     + fix path to configuration files. Tks Andrew Price. (Closes: #424747).
     + flexibilize the print dialog. Tks Dmitry Oboukhov. (Closes: #408502).
     + implement "Fit to Height". Tks Josh Triplett. (Closes: #424178).
   * debian/xpdf-common.postint:
     + don't use command with path in maintainer script.
   * debian/watch:
     + create watch file.
   * debian/xpdf.desktop:
     + remove obsolete indication of encoding.
     + remove custom category "PDFViewer".
   * debian/xpdf-reader.menu:
     + update obsolete section Apps -> Applications.
   * debian/xpdf-reader.dirs:
     + remove empty dir usr/lib/menu. Tks Nelson Oliveira. (Closes: #495150).
   * avoid conflict with poppler-utils. Tks Luca Capello. (Closes: #558020).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAku3f2QACgkQHYflSXNkfP/k+QCeKrw6JB+NiXhAOJPlS3KiaAFC
yp8An3a07d6QEolNDZCeqoZEGPIHS288
=MjTQ
-----END PGP SIGNATURE-----



--- End Message ---
