Your message dated Wed, 26 Sep 2007 22:47:09 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#444015: fixed in kdegraphics 4:3.5.7-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: kdegraphics
Version: 4:3.5.7-3
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xpdf.
CVE-2007-5049[0]:
| Stack-based buffer overflow in the StreamPredictor::getNextLine
| function in xpdf, as used in (1) poppler before 0.5.91, (2) gpdf, (3)
| kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow
| remote attackers to execute arbitrary code via a crafted PDF file, a
| different vulnerability than CVE-2007-3387.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
You can find a patch on:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5049
Cheers
Steffen
--- End Message ---
--- Begin Message ---
Source: kdegraphics
Source-Version: 4:3.5.7-4
We believe that the bug you reported is fixed in the latest version of
kdegraphics, which is due to be installed in the Debian FTP archive:
kamera_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kamera_3.5.7-4_i386.deb
kcoloredit_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kcoloredit_3.5.7-4_i386.deb
kdegraphics-dbg_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kdegraphics-dbg_3.5.7-4_i386.deb
kdegraphics-dev_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kdegraphics-dev_3.5.7-4_i386.deb
kdegraphics-doc-html_3.5.7-4_all.deb
to pool/main/k/kdegraphics/kdegraphics-doc-html_3.5.7-4_all.deb
kdegraphics-kfile-plugins_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.7-4_i386.deb
kdegraphics_3.5.7-4.diff.gz
to pool/main/k/kdegraphics/kdegraphics_3.5.7-4.diff.gz
kdegraphics_3.5.7-4.dsc
to pool/main/k/kdegraphics/kdegraphics_3.5.7-4.dsc
kdegraphics_3.5.7-4_all.deb
to pool/main/k/kdegraphics/kdegraphics_3.5.7-4_all.deb
kdvi_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kdvi_3.5.7-4_i386.deb
kfax_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kfax_3.5.7-4_i386.deb
kfaxview_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kfaxview_3.5.7-4_i386.deb
kgamma_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kgamma_3.5.7-4_i386.deb
kghostview_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kghostview_3.5.7-4_i386.deb
kiconedit_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kiconedit_3.5.7-4_i386.deb
kmrml_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kmrml_3.5.7-4_i386.deb
kolourpaint_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kolourpaint_3.5.7-4_i386.deb
kooka_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kooka_3.5.7-4_i386.deb
kpdf_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kpdf_3.5.7-4_i386.deb
kpovmodeler_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kpovmodeler_3.5.7-4_i386.deb
kruler_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kruler_3.5.7-4_i386.deb
ksnapshot_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/ksnapshot_3.5.7-4_i386.deb
ksvg_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/ksvg_3.5.7-4_i386.deb
kuickshow_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kuickshow_3.5.7-4_i386.deb
kview_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kview_3.5.7-4_i386.deb
kviewshell_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/kviewshell_3.5.7-4_i386.deb
libkscan-dev_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/libkscan-dev_3.5.7-4_i386.deb
libkscan1_3.5.7-4_i386.deb
to pool/main/k/kdegraphics/libkscan1_3.5.7-4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ana Beatriz Guerrero Lopez <[EMAIL PROTECTED]> (supplier of updated kdegraphics
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 26 Sep 2007 11:15:28 +0200
Source: kdegraphics
Binary: kdegraphics-kfile-plugins ksnapshot kviewshell kghostview libkscan-dev
kruler kcoloredit kamera kdegraphics-dev libkscan1 kdegraphics-dbg kview
kdegraphics-doc-html kpdf ksvg kdvi kiconedit kfax kfaxview kuickshow kooka
kdegraphics kolourpaint kmrml kgamma kpovmodeler
Architecture: source i386 all
Version: 4:3.5.7-4
Distribution: unstable
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Ana Beatriz Guerrero Lopez <[EMAIL PROTECTED]>
Description:
kamera - digital camera io_slave for Konqueror
kcoloredit - a color palette editor and color picker for KDE
kdegraphics - graphics apps from the official KDE release
kdegraphics-dbg - debugging symbols for kdegraphics
kdegraphics-dev - development files for the KDE graphics module
kdegraphics-doc-html - KDE graphics documentation in HTML format
kdegraphics-kfile-plugins - KDE metainfo plugins for graphic files
kdvi - dvi viewer for KDE
kfax - G3/G4 fax viewer for KDE
kfaxview - G3/G4 fax viewer for KDE using kviewshell
kgamma - gamma correction module for the KDE Control Center
kghostview - PostScript viewer for KDE
kiconedit - an icon editor for KDE
kmrml - a Konqueror plugin for searching pictures
kolourpaint - a simple paint program for KDE
kooka - scanner program for KDE
kpdf - PDF viewer for KDE
kpovmodeler - a graphical editor for povray scenes
kruler - a screen ruler and color measurement tool for KDE
ksnapshot - screenshot utility for KDE
ksvg - SVG viewer for KDE
kuickshow - KDE image/slideshow viewer
kview - simple image viewer/converter for KDE
kviewshell - generic framework for viewer applications in KDE
libkscan-dev - development files for the KDE scanner library
libkscan1 - scanner library for KDE
Closes: 435120 444015
Changes:
kdegraphics (4:3.5.7-4) unstable; urgency=high
.
* Patch for stack-based buffer overflow in the StreamPredictor::getNextLine
function in xpdf that might allow remote attackers to execute arbitrary code
via a crafted PDF file. CVE-2007-504. (Closes: #444015)
.
* Update section in Debian menu files. Thanks to Yann Dirson for
suggestions. (Closes: #435120)
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Signed by Ana Guerrero
iD8DBQFG+tNBn3j4POjENGERAmHVAJ9rAEIa4M+4taAyd8vPhsAOdLO7BQCfV1db
hrbThZFdE+5SbmLPDTNvchE=
=2cwe
-----END PGP SIGNATURE-----
--- End Message ---