Your message dated Sun, 18 Apr 2010 01:55:04 +0000
with message-id <e1o3jiy-0003p2...@ries.debian.org>
and subject line Bug#551287: fixed in xpdf 3.02-1.4+lenny2
has caused the Debian Bug report #551287,
regarding xpdf: Security patch Xpdf 3.02pl4 released 2009-oct-14
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
551287: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xpdf-reader
Version: 3.02-1.4+lenny1
Severity: grave
Tags: security
Justification: user security hole
Seems to me that Debian needs to update xpdf to 3.02pl4
as released 14 Oct 2009. See also:
Xpdf - Integer overflow which causes heap overflow and NULL pointer dereference.
http://www.securityfocus.com/archive/1/507261
Thanks,
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-pk03.12-svr (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages xpdf depends on:
ii xpdf-common 3.02-1.4+lenny1 Portable Document Format (PDF) sui
ii xpdf-reader 3.02-1.4+lenny1 Portable Document Format (PDF) sui
ii xpdf-utils 3.02-1.4+lenny1 Portable Document Format (PDF) sui
xpdf recommends no packages.
xpdf suggests no packages.
Versions of packages xpdf-reader depends on:
ii gsfonts 1:8.11+urwcyr1.0.7~pre44-3 Fonts for the Ghostscript interpre
ii lesstif2 1:0.95.0-2.1 OSF/Motif 2.1 implementation relea
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libfreetype6 2.3.7-2+lenny1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.3.2-1.1 GCC support library
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libpaper1 1.1.23+nmu1 library for handling paper charact
ii libsm6 2:1.0.3-2 X11 Session Management library
ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
ii libt1-5 5.1.2-3 Type 1 font rasterizer library - r
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxp6 1:1.0.0.xsf1-2 X Printing Extension (Xprint) clie
ii libxpm4 1:3.5.7-1 X11 pixmap library
ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library
ii xpdf-common 3.02-1.4+lenny1 Portable Document Format (PDF) sui
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: xpdf
Source-Version: 3.02-1.4+lenny2
We believe that the bug you reported is fixed in the latest version of
xpdf, which is due to be installed in the Debian FTP archive:
xpdf-common_3.02-1.4+lenny2_all.deb
to main/x/xpdf/xpdf-common_3.02-1.4+lenny2_all.deb
xpdf-reader_3.02-1.4+lenny2_i386.deb
to main/x/xpdf/xpdf-reader_3.02-1.4+lenny2_i386.deb
xpdf-utils_3.02-1.4+lenny2_i386.deb
to main/x/xpdf/xpdf-utils_3.02-1.4+lenny2_i386.deb
xpdf_3.02-1.4+lenny2.diff.gz
to main/x/xpdf/xpdf_3.02-1.4+lenny2.diff.gz
xpdf_3.02-1.4+lenny2.dsc
to main/x/xpdf/xpdf_3.02-1.4+lenny2.dsc
xpdf_3.02-1.4+lenny2_all.deb
to main/x/xpdf/xpdf_3.02-1.4+lenny2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 551...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luciano Bello <luci...@debian.org> (supplier of updated xpdf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 22 Mar 2010 17:07:50 -0300
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: source all i386
Version: 3.02-1.4+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Hamish Moffatt <ham...@debian.org>
Changed-By: Luciano Bello <luci...@debian.org>
Description:
xpdf - Portable Document Format (PDF) suite
xpdf-common - Portable Document Format (PDF) suite -- common files
xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 551287
Changes:
xpdf (3.02-1.4+lenny2) stable-security; urgency=high
.
  * Non-maintainer upload by the Security Team.
  * Fixes multiple security issues (Closes: #551287):
    - CVE-2009-1188 and CVE-2009-3603:
      Integer overflow in SplashBitmap::SplashBitmap which might allow remote
      attackers to execute arbitrary code or an application crash via a crafted
      PDF document.
    - CVE-2009-3604:
      NULL pointer dereference or heap-based buffer overflow in
      Splash::drawImage which might allow remote attackers to cause a denial of
      service (application crash) or possibly execute arbitrary code via a
      crafted PDF document.
    - CVE-2009-3606:
      Integer overflow in the PSOutputDev::doImageL1Sep which might allow
      remote attackers to execute arbitrary code via a crafted PDF document.
    - CVE-2009-3608:
      Integer overflow in the ObjectStream::ObjectStream which might allow
      remote attackers to execute arbitrary code via a crafted PDF document.
    - CVE-2009-3609:
      Integer overflow in the ImageStream::ImageStream which might allow
      remote attackers to cause a denial of service via a crafted PDF
      document.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkuuXw0ACgkQQWTRs4lLtHnqPwCgrAN8UTzSMIsHZghcri/vMcvE
CVYAoLigcS8qK2KiBK8mQW2tuB0GUhBt
=PxvG
-----END PGP SIGNATURE-----
--- End Message ---