Your message dated Wed, 01 Feb 2006 02:32:12 -0800 with message-id <[EMAIL PROTECTED]> and subject line Bug#350783: fixed in xpdf 3.01-6 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 31 Jan 2006 20:13:33 +0000
Date: Tue, 31 Jan 2006 21:13:31 +0100
From: Jan Niehusmann <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: xpdf: Buffer overflow vulnerability in Splash.cc; CVE-2006-0301
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>

Package: xpdf-reader
Version: 3.01-5
Severity: grave
Tags: security
Justification: user security hole

xpdf is probably vulnerable due to the bug described in
http://www.frsirt.com/english/advisories/2006/0389

(I didn't actually check if it's really vulnerable - but I guess it is)

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'oldstable'), (500, 'testing'), (500, 'stable'), (101, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-rc1-ge066d9a8-dirty
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages xpdf depends on:
ii  xpdf-common    3.01-5               Portable Document Format (PDF) sui
ii  xpdf-reader    3.01-5               Portable Document Format (PDF) sui
ii  xpdf-utils     3.01-5               Portable Document Format (PDF) sui

xpdf recommends no packages.

Versions of packages xpdf-reader depends on:
ii  gsfonts        8.14+v8.11+urw-0.2   Fonts for the Ghostscript interpre
ii  lesstif2       1:0.94.4-1.1         OSF/Motif 2.1 implementation relea
ii  libc6          2.3.5-12             GNU C Library: Shared libraries an
ii  libfreetype6   2.1.10-1             FreeType 2 font engine, shared lib
ii  libgcc1        1:4.0.2-8            GCC support library
ii  libice6        6.9.0.dfsg.1-4       Inter-Client Exchange library
ii  libpaper1      1.1.14-5             Library for handling paper charact
ii  libsm6         6.9.0.dfsg.1-4       X Window System Session Management
ii  libstdc++6     4.0.2-8              The GNU Standard C++ Library v3
ii  libt1-5        5.1.0-2              Type 1 font rasterizer library - r
ii  libx11-6       6.9.0.dfsg.1-4       X Window System protocol client li
ii  libxext6       6.9.0.dfsg.1-4       X Window System miscellaneous exte
ii  libxp6         6.9.0.dfsg.1-4       X Window System printing extension
ii  libxpm4        6.9.0.dfsg.1-4       X pixmap library
ii  libxt6         6.9.0.dfsg.1-4       X Toolkit Intrinsics
ii  xpdf-common    3.01-5               Portable Document Format (PDF) sui
ii  zlib1g         1:1.2.3-9            compression library - runtime

-- no debconf information

---------------------------------------
Received: (at 350783-close) by bugs.debian.org; 1 Feb 2006 10:40:25 +0000
From: Hamish Moffatt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#350783: fixed in xpdf 3.01-6
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 01 Feb 2006 02:32:12 -0800

Source: xpdf
Source-Version: 3.01-6

We believe that the bug you reported is fixed in the latest version of
xpdf, which is due to be installed in the Debian FTP archive:

xpdf-common_3.01-6_all.deb
  to pool/main/x/xpdf/xpdf-common_3.01-6_all.deb
xpdf-reader_3.01-6_i386.deb
  to pool/main/x/xpdf/xpdf-reader_3.01-6_i386.deb
xpdf-utils_3.01-6_i386.deb
  to pool/main/x/xpdf/xpdf-utils_3.01-6_i386.deb
xpdf_3.01-6.diff.gz
  to pool/main/x/xpdf/xpdf_3.01-6.diff.gz
xpdf_3.01-6.dsc
  to pool/main/x/xpdf/xpdf_3.01-6.dsc
xpdf_3.01-6_all.deb
  to pool/main/x/xpdf/xpdf_3.01-6_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hamish Moffatt <[EMAIL PROTECTED]> (supplier of updated xpdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Wed, 1 Feb 2006 22:42:42 +1300
Source: xpdf
Binary: xpdf-utils xpdf xpdf-reader xpdf-common
Architecture: source i386 all
Version: 3.01-6
Distribution: unstable
Urgency: high
Maintainer: Hamish Moffatt <[EMAIL PROTECTED]>
Changed-By: Hamish Moffatt <[EMAIL PROTECTED]>
Description:
 xpdf        - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils  - Portable Document Format (PDF) suite -- utilities
Closes: 350783 350785
Changes:
 xpdf (3.01-6) unstable; urgency=high
 .
   * SECURITY UPDATE: fixed buffer overflow in splash image handling
     (Splash/splash.cc) using patch supplied by Red Hat:
     https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046
     (closes: #350785, #350783)
   * References: CVE-2006-0301
   * My first upload from the side of the road on borrowed wifi in a
     foreign country...