Package: xpdf-reader
Version: 3.00-13
Severity: grave
Tags: security patch
Justification: user security hole

CAN-2005-3193 lists a security hole of xpdf. A fix is available at
http://www.foolabs.com/xpdf/download.html (the patch seems to be suitable
for a security update - only overflow protection added, no new features).
It applies cleanly to the Debian package.

Reportbug just told me there is a new version in incoming. I guess it'll
fix the issue, but I decided to still post this report mainly for
reference.

According to http://www.frsirt.com/english/advisories/2005/2755, "Xpdf
version 3.0.1 and prior" are affected, so this may affect sarge and woody.
Most of the patch applies cleanly to the sarge version, with a single hunk
needing manual changes (the code switched from gmalloc to gmallocn between
3.0 and 3.01). The woody version does not contain the affected code file.
I did _not_ check whether equivalent code is contained in some other
source file. Based on these observations, I set the version header to
3.00-13.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'oldstable'), (500, 'testing'), (500, 'stable'), (101, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-rc2-ged73a36d
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages xpdf depends on:
ii  xpdf-common   3.01-2   Portable Document Format (PDF) sui
ii  xpdf-reader   3.01-2   Portable Document Format (PDF) sui
ii  xpdf-utils    3.01-2   Portable Document Format (PDF) sui

xpdf recommends no packages.

Versions of packages xpdf-reader depends on:
ii  gsfonts       8.14+v8.11+urw-0.2  Fonts for the Ghostscript interpre
ii  lesstif2      1:0.94.4-1          OSF/Motif 2.1 implementation relea
ii  libc6         2.3.5-8.1           GNU C Library: Shared libraries an
ii  libfreetype6  2.1.10-1            FreeType 2 font engine, shared lib
ii  libgcc1       1:4.0.2-5           GCC support library
ii  libice6       6.8.2.dfsg.1-11     Inter-Client Exchange library
ii  libpaper1     1.1.14-3            Library for handling paper charact
ii  libsm6        6.8.2.dfsg.1-11     X Window System Session Management
ii  libstdc++6    4.0.2-5             The GNU Standard C++ Library v3
ii  libt1-5       5.1.0-2             Type 1 font rasterizer library - r
ii  libx11-6      6.8.2.dfsg.1-11     X Window System protocol client li
ii  libxext6      6.8.2.dfsg.1-11     X Window System miscellaneous exte
ii  libxp6        6.8.2.dfsg.1-11     X Window System printing extension
ii  libxpm4       6.8.2.dfsg.1-11     X pixmap library
ii  libxt6        6.8.2.dfsg.1-11     X Toolkit Intrinsics
ii  xlibs         6.8.2.dfsg.1-11     X Window System client libraries m
ii  xpdf-common   3.01-2              Portable Document Format (PDF) sui
ii  zlib1g        1:1.2.3-8           compression library - runtime

-- no debconf information
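
The report notes that one hunk needs manual changes on a tree that has gmalloc but not gmallocn. As an added example (not code from the xpdf patch or the Debian package), the C below shows the general shape of such a hand-port: range-check the count-times-size product before calling a single-size allocator. The function names are hypothetical, `malloc` stands in for the package's allocator, and the input values are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Byte count that the unchecked pattern alloc(n * size) would request.
 * The multiply is done in unsigned arithmetic so the wrap-around is
 * well defined; an oversized count yields a far too small result. */
static unsigned int unchecked_bytes(int n, int size) {
    return (unsigned int)n * (unsigned int)size;
}

/* Returns 1 and stores n * size in *out only when the product is
 * representable as a positive int; returns 0 otherwise. */
static int checked_bytes(int n, int size, int *out) {
    if (n <= 0 || size <= 0 || n > INT_MAX / size)
        return 0;
    *out = n * size;
    return 1;
}

/* Hand-ported array allocation: refuse instead of under-allocating.
 * malloc() stands in for the package's single-size allocator. */
static void *alloc_array_checked(int n, int size) {
    int bytes;
    if (!checked_bytes(n, size, &bytes))
        return NULL;
    return malloc((size_t)bytes);
}

int main(void) {
    /* Constructed values: an element count as it might be read from
     * an untrusted file, and a 16-byte element. */
    int n = 0x10000001, size = 16;
    void *p;

    printf("unchecked request: %u bytes\n", unchecked_bytes(n, size));
    p = alloc_array_checked(n, size);
    printf("checked allocation: %s\n", p ? "allowed" : "refused");
    free(p);
    p = alloc_array_checked(100, size);
    printf("100 elements: %s\n", p ? "allowed" : "refused");
    free(p);
    return 0;
}
```

When porting a hunk this way, every caller that previously relied on the allocator aborting must handle the refusal path explicitly.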