Your message dated Sat, 29 Jul 2006 10:17:04 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#334454: fixed in gpdf 2.10.0-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: gpdf
Version: 2.8.2-1.3
Severity: important
Tags: security
xpdf and kpdf do not properly validate the "loca" table in PDF files, which
allows local users to cause a denial of service (disk consumption and hang) via
a PDF file with a "broken" loca table, which causes a large temporary file to
be created when xpdf attempts to reconstruct the information.
I haven't personally verified this, but gpdf is probably also vulnerable
as it's from the same codebase.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages gpdf depends on:
ii libart-2.0-2 2.3.17-1 Library of functions for 2D graphi
ii libatk1.0-0 1.10.3-1 The ATK accessibility toolkit
ii libbonobo2-0 2.10.1-1 Bonobo CORBA interfaces library
ii libbonoboui2-0 2.10.1-1 The Bonobo UI library
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libfreetype6 2.1.10-1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.0.2-2 GCC support library
ii libgconf2-4 2.10.1-6 GNOME configuration database syste
ii libglade2-0 1:2.5.1-2 library to load .glade files at ru
ii libglib2.0-0 2.8.3-1 The GLib library of C routines
ii libgnome2-0 2.10.1-1 The GNOME 2 library - runtime file
ii libgnomecanvas2-0 2.10.2-2 A powerful object-oriented display
ii libgnomeprint2.2-0 2.10.3-3 The GNOME 2.2 print architecture -
ii libgnomeprintui2.2-0 2.10.2-2 GNOME 2.2 print architecture User
ii libgnomeui-0 2.10.1-1 The GNOME 2 libraries (User Interf
ii libgnomevfs2-0 2.10.1-5 The GNOME virtual file-system libr
ii libgtk2.0-0 2.6.10-1 The GTK+ graphical user interface
ii libice6 6.8.2.dfsg.1-8 Inter-Client Exchange library
ii liborbit2 1:2.12.4-1 libraries for ORBit2 - a CORBA ORB
ii libpango1.0-0 1.8.2-3 Layout and rendering of internatio
ii libpaper1 1.1.14-3 Library for handling paper charact
ii libpopt0 1.7-5 lib for parsing cmdline parameters
ii libsm6 6.8.2.dfsg.1-8 X Window System Session Management
ii libstdc++6 4.0.2-2 The GNU Standard C++ Library v3
ii libxml2 2.6.22-1 GNOME XML library
ii xlibs 6.8.2.dfsg.1-8 X Window System client libraries m
ii zlib1g 1:1.2.3-4 compression library - runtime
gpdf recommends no packages.
-- no debconf information
--
see shy jo
--- End Message ---
--- Begin Message ---
Source: gpdf
Source-Version: 2.10.0-4
We believe that the bug you reported is fixed in the latest version of
gpdf, which is due to be installed in the Debian FTP archive:
gpdf_2.10.0-4.diff.gz
to pool/main/g/gpdf/gpdf_2.10.0-4.diff.gz
gpdf_2.10.0-4.dsc
to pool/main/g/gpdf/gpdf_2.10.0-4.dsc
gpdf_2.10.0-4_i386.deb
to pool/main/g/gpdf/gpdf_2.10.0-4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Loic Minier <[EMAIL PROTECTED]> (supplier of updated gpdf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 29 Jul 2006 18:40:52 +0200
Source: gpdf
Binary: gpdf
Architecture: source i386
Version: 2.10.0-4
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <[EMAIL PROTECTED]>
Changed-By: Loic Minier <[EMAIL PROTECTED]>
Description:
gpdf - Portable Document Format (PDF) viewer
Closes: 334454
Changes:
gpdf (2.10.0-4) unstable; urgency=low
.
* Add CVE-2006-1244 to the 2.10.0-3 changelog entry, it was assigned
afterwards.
* New patch, 016_CAN-2005-2097-loca-table-sanity, fix CVE-2005-2097.
(Closes: #334454)
* Bump up Standards-Version to 3.7.2.
* Fix encoding of changelog in 2.10.0-2.
* Add ${misc:Depends}.
* Set Maintainer to QA.
* Fix watch file.
Files:
6ca05308493bd433dddd62d5c082e87b 1519 text optional gpdf_2.10.0-4.dsc
4611f7acaae939ab2d7b079f8c78319d 15589 text optional gpdf_2.10.0-4.diff.gz
bbcaad32a3146343a0d353065ed24ec1 808682 text optional gpdf_2.10.0-4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEy5PP4VUX8isJIMARAuuqAJ9kV04KkJzZQ8WJgPqrZpaI+Dy8tACfemj3
b5uhu/fKdXSVOg3adFB4B1Q=
=gJDh
-----END PGP SIGNATURE-----
--- End Message ---
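The bug report above describes a "loca" table that is not validated before glyph data is reconstructed from it, and the changelog names a loca-table sanity patch. The following is an added example, not the Debian patch and not xpdf or gpdf code: a C check that every loca offset of an embedded TrueType font lies inside the glyf table and that offsets never decrease, so no glyph length derived from them can wrap to a huge value. The function name, error codes and sample tables are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define LOCA_TRUNCATED     (-1) /* fewer than numGlyphs + 1 entries */
#define LOCA_OUT_OF_RANGE  (-2) /* offset points past the end of glyf */
#define LOCA_NOT_MONOTONIC (-3) /* offsets decrease: a length would wrap */

/* Entry i as a byte offset into glyf. Short format stores offset/2 as a
 * big-endian uint16; long format stores the offset as a big-endian uint32. */
static uint32_t loca_entry(const uint8_t *loca, int long_fmt, size_t i)
{
    const uint8_t *p = loca + (size_t)(long_fmt ? 4 : 2) * i;
    if (long_fmt)
        return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
               ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return 2u * (((uint32_t)p[0] << 8) | (uint32_t)p[1]);
}

/* Validate loca before any glyph length is derived from it. Returns the
 * number of glyph bytes a rebuild would copy, or a negative LOCA_* code. */
long long loca_validate(const uint8_t *loca, size_t loca_len, int long_fmt,
                        uint16_t num_glyphs, uint32_t glyf_len)
{
    size_t entries = (size_t)num_glyphs + 1;
    long long total = 0;
    uint32_t prev;

    if (loca_len / (size_t)(long_fmt ? 4 : 2) < entries)
        return LOCA_TRUNCATED;
    prev = loca_entry(loca, long_fmt, 0);
    if (prev > glyf_len)
        return LOCA_OUT_OF_RANGE;
    for (size_t i = 1; i < entries; i++) {
        uint32_t cur = loca_entry(loca, long_fmt, i);
        if (cur > glyf_len)
            return LOCA_OUT_OF_RANGE;
        if (cur < prev)
            return LOCA_NOT_MONOTONIC;
        total += cur - prev;   /* bounded by glyf_len after the checks */
        prev = cur;
    }
    return total;
}

/* Constructed samples: long-format tables for 3 glyphs, glyf_len = 100. */
static const uint8_t GOOD_LOCA[]   = { 0,0,0,0, 0,0,0,20, 0,0,0,20, 0,0,0,60 };
static const uint8_t BROKEN_LOCA[] = { 0,0,0,0, 0,0,0,60, 0,0,0,20, 0,0,0,60 };
```

A caller that gets a negative result should reject the font rather than attempt to repair the table, which keeps the size of any rebuilt output bounded by the size of the input glyf table.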