Launchpad has imported 12 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=345101.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2007-10-22T12:37:39+00:00 Tomas wrote:

Alin Rad Pop of Secunia Research discovered a vulnerability in
xpdf/Stream.cc code:

An array indexing error exists within the "DCTStream::readProgressiveDataUnit()"
method in xpdf/Stream.cc. This can be exploited to corrupt memory via a
specially crafted PDF file.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/160944/comments/0

------------------------------------------------------------------------
On 2007-10-26T06:56:09+00:00 Tomas wrote:

Created attachment 238491
xpdf-3.02pl2 first draft from Derek B. Noonburg addressing 
CVE-2007-{4352,5392,5393}

Comments from Derek:

The fixes for the first two bugs (in DCTStream) are pretty
straightforward.

The CCITTFaxStream inner loop code has been rewritten (because I was
unhappy with the design, and it was resulting in too many problems).

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/160944/comments/1

------------------------------------------------------------------------
On 2007-11-07T16:27:39+00:00 Josh wrote:

This is now public:
http://marc.info/?l=full-disclosure&m=119445179723160&w=2

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/160944/comments/2

------------------------------------------------------------------------
On 2007-11-08T06:03:33+00:00 Fedora wrote:

cups-1.3.4-2.fc8 has been pushed to the Fedora 8 stable repository.  If
problems still persist, please make note of it in this bug report.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/160944/comments/3

------------------------------------------------------------------------
On 2007-11-08T08:38:17+00:00 Tomas wrote:

KDE security advisory with official patches for kdegraphics and koffice:

http://www.kde.org/info/security/advisory-20071107-1.txt

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/160944/comments/4

------------------------------------------------------------------------
On 2007-11-09T10:33:38+00:00 Tomas wrote:

Official xpdf patch is available on xpdf upstream page:

http://www.foolabs.com/xpdf/download.html
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/160944/comments/7

------------------------------------------------------------------------
On 2007-11-09T23:51:51+00:00 Fedora wrote:

cups-1.2.12-7.fc7 has been pushed to the Fedora 7 stable repository.  If
problems still persist, please make note of it in this bug report.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/160944/comments/8

------------------------------------------------------------------------
On 2008-02-08T08:17:24+00:00 Fedora wrote:

poppler-0.5.4-8.fc7 has been submitted as an update for Fedora 7

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/160944/comments/12

------------------------------------------------------------------------
On 2008-02-13T05:19:45+00:00 Fedora wrote:

poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.
If problems still persist, please make note of it in this bug report.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/160944/comments/13

------------------------------------------------------------------------
On 2008-02-13T15:00:40+00:00 Fedora wrote:

poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.
If problems still persist, please make note of it in this bug report.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/160944/comments/14

------------------------------------------------------------------------
On 2008-02-13T15:09:43+00:00 Fedora wrote:

poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.
If problems still persist, please make note of it in this bug report.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/160944/comments/15

------------------------------------------------------------------------
On 2008-02-15T15:01:19+00:00 Red wrote:

This issue was addressed in:

Red Hat Enterprise Linux:
  cups:
    http://rhn.redhat.com/errata/RHSA-2007-1021.html
    http://rhn.redhat.com/errata/RHSA-2007-1022.html
  gpdf:
    http://rhn.redhat.com/errata/RHSA-2007-1025.html
  poppler:
    http://rhn.redhat.com/errata/RHSA-2007-1026.html
  xpdf:
    http://rhn.redhat.com/errata/RHSA-2007-1029.html
    http://rhn.redhat.com/errata/RHSA-2007-1030.html
  tetex:
    http://rhn.redhat.com/errata/RHSA-2007-1027.html
  kdegraphics:
    http://rhn.redhat.com/errata/RHSA-2007-1024.html

Fedora:
  kdegraphics:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-2985
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3001
  xpdf:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3031
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3014
  koffice:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3059
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3093
  cups:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3100
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-2982
  poppler:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1651
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4031
  tetex:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3390
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3308

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/160944/comments/16


** Changed in: fedora
   Importance: Unknown => High

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/160944

Title:
  [xpdf] multiple security vulnerabilities

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/160944/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
