Your message dated Sat, 17 Nov 2007 07:32:07 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#450630: fixed in kdegraphics 4:3.5.7-4+lenny1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: kdegraphics
Severity: grave
Tags: security
Hi,

the following CVE (Common Vulnerabilities & Exposures) id was
published for poppler.

CVE-2007-4352[0]:
| Array index error in the DCTStream::readProgressiveDataUnit method in
| xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote
| attackers to trigger memory corruption and execute arbitrary code via
| a crafted PDF file.

CVE-2007-5392[1]:
| Integer overflow in the DCTStream::reset method in
| xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows
| remote attackers to execute arbitrary code via a crafted PDF
| file, resulting in a heap-based buffer overflow.

CVE-2007-5393[2]:
| Heap-based buffer overflow in the CCITTFaxStream::lookChar
| method in xpdf/Stream.cc in Xpdf 3.02 with
| xpdf-3.02pl1.patch allows remote attackers to execute
| arbitrary code via a PDF file that contains a crafted
| CCITTFaxDecode filter.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: kdegraphics
Source-Version: 4:3.5.7-4+lenny1
We believe that the bug you reported is fixed in the latest version of
kdegraphics, which is due to be installed in the Debian FTP archive:
kamera_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kamera_3.5.7-4+lenny1_i386.deb
kcoloredit_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kcoloredit_3.5.7-4+lenny1_i386.deb
kdegraphics-dbg_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kdegraphics-dbg_3.5.7-4+lenny1_i386.deb
kdegraphics-dev_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kdegraphics-dev_3.5.7-4+lenny1_i386.deb
kdegraphics-doc-html_3.5.7-4+lenny1_all.deb
to pool/main/k/kdegraphics/kdegraphics-doc-html_3.5.7-4+lenny1_all.deb
kdegraphics-kfile-plugins_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.7-4+lenny1_i386.deb
kdegraphics_3.5.7-4+lenny1.diff.gz
to pool/main/k/kdegraphics/kdegraphics_3.5.7-4+lenny1.diff.gz
kdegraphics_3.5.7-4+lenny1.dsc
to pool/main/k/kdegraphics/kdegraphics_3.5.7-4+lenny1.dsc
kdegraphics_3.5.7-4+lenny1_all.deb
to pool/main/k/kdegraphics/kdegraphics_3.5.7-4+lenny1_all.deb
kdvi_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kdvi_3.5.7-4+lenny1_i386.deb
kfax_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kfax_3.5.7-4+lenny1_i386.deb
kfaxview_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kfaxview_3.5.7-4+lenny1_i386.deb
kgamma_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kgamma_3.5.7-4+lenny1_i386.deb
kghostview_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kghostview_3.5.7-4+lenny1_i386.deb
kiconedit_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kiconedit_3.5.7-4+lenny1_i386.deb
kmrml_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kmrml_3.5.7-4+lenny1_i386.deb
kolourpaint_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kolourpaint_3.5.7-4+lenny1_i386.deb
kooka_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kooka_3.5.7-4+lenny1_i386.deb
kpdf_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kpdf_3.5.7-4+lenny1_i386.deb
kpovmodeler_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kpovmodeler_3.5.7-4+lenny1_i386.deb
kruler_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kruler_3.5.7-4+lenny1_i386.deb
ksnapshot_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/ksnapshot_3.5.7-4+lenny1_i386.deb
ksvg_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/ksvg_3.5.7-4+lenny1_i386.deb
kuickshow_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kuickshow_3.5.7-4+lenny1_i386.deb
kview_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kview_3.5.7-4+lenny1_i386.deb
kviewshell_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/kviewshell_3.5.7-4+lenny1_i386.deb
libkscan-dev_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/libkscan-dev_3.5.7-4+lenny1_i386.deb
libkscan1_3.5.7-4+lenny1_i386.deb
to pool/main/k/kdegraphics/libkscan1_3.5.7-4+lenny1_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated kdegraphics package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 16 Nov 2007 09:57:48 +0100
Source: kdegraphics
Binary: kdegraphics-kfile-plugins ksnapshot kviewshell kghostview libkscan-dev
kruler kcoloredit kamera kdegraphics-dev libkscan1 kdegraphics-dbg kview
kdegraphics-doc-html kpdf ksvg kdvi kiconedit kfax kfaxview kuickshow kooka
kdegraphics kolourpaint kmrml kgamma kpovmodeler
Architecture: source i386 all
Version: 4:3.5.7-4+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
kamera - digital camera io_slave for Konqueror
kcoloredit - a color palette editor and color picker for KDE
kdegraphics - graphics apps from the official KDE release
kdegraphics-dbg - debugging symbols for kdegraphics
kdegraphics-dev - development files for the KDE graphics module
kdegraphics-doc-html - KDE graphics documentation in HTML format
kdegraphics-kfile-plugins - KDE metainfo plugins for graphic files
kdvi - dvi viewer for KDE
kfax - G3/G4 fax viewer for KDE
kfaxview - G3/G4 fax viewer for KDE using kviewshell
kgamma - gamma correction module for the KDE Control Center
kghostview - PostScript viewer for KDE
kiconedit - an icon editor for KDE
kmrml - a Konqueror plugin for searching pictures
kolourpaint - a simple paint program for KDE
kooka - scanner program for KDE
kpdf - PDF viewer for KDE
kpovmodeler - a graphical editor for povray scenes
kruler - a screen ruler and color measurement tool for KDE
ksnapshot - screenshot utility for KDE
ksvg - SVG viewer for KDE
kuickshow - KDE image/slideshow viewer
kview - simple image viewer/converter for KDE
kviewshell - generic framework for viewer applications in KDE
libkscan-dev - development files for the KDE scanner library
libkscan1 - scanner library for KDE
Closes: 450630
Changes:
 kdegraphics (4:3.5.7-4+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by testing security team.
   * Included post-3.5.8-kdegraphics-kpdf.diff to address the
     following security issues (Closes: #450630)
     - CVE-2007-5393 buffer overflow in the CCITTFaxStream::lookChar leading
       to arbitrary code execution via a crafted pdf file.
     - CVE-2007-5392 integer overflow in the DCTStream::reset resulting in a
       heap based buffer overflow allows code execution.
     - CVE-2007-4352 array index error in DCTStream::readProgressiveDataUnit
       leads to memory corruption and possibly arbitrary code execution.
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHPX9nHYflSXNkfP8RAmzUAKCXoQM3A0G7BCYclRyE27StLzuyhgCgkiQM
fGqYPCcWfj62Di5dg0fTlDQ=
=Ii3H
-----END PGP SIGNATURE-----
--- End Message ---