Multiple Vendor xpdf - Buffer Overflow Vulnerability

Bug #11361 reported by Debian Bug Importer
Affects       | Status       | Importance | Assigned to | Milestone
xpdf (Debian) | Fix Released | Unknown    |             |
xpdf (Ubuntu) | Fix Released | High       | Martin Pitt |

Bug Description

Automatically imported from Debian bug report #286742 http://bugs.debian.org/286742

CVE References

Revision history for this message
Lior Kaplan (kaplan) wrote : change it tags

package xpdf-reader
tags 286742 security

--

Regards,

Lior Kaplan
<email address hidden>
http://www.Guides.co.il

Debian GNU/Linux unstable (SID)

Revision history for this message
Lior Kaplan (kaplan) wrote : Processed: change it tags

package xpdf-reader
tags 286742 patch

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Wed, 22 Dec 2004 00:21:53 +0200
From: Ido Kanner <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: Multiple Vendor xpdf - Buffer Overflow Vulnerability

Package: xpdf-reader
Version: 3.00-10
Severity: grave
Justification: user security hole

A security problem was found in xpdf; see:
http://www.securiteam.com/unixfocus/6U00T0AC0S.html

The vendor has released a patch that fixes the problem, available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch

Please apply this patch as soon as possible :)

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-1-686
Locale: LANG=he_IL.UTF-8, LC_CTYPE=he_IL.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)

Versions of packages xpdf depends on:
ii xpdf-common 3.00-10 Portable Document Format (PDF) sui
ii xpdf-reader 3.00-10 Portable Document Format (PDF) sui
ii xpdf-utils 3.00-10 Portable Document Format (PDF) sui

Versions of packages xpdf-reader depends on:
ii gsfonts 8.14+v8.11-0.1 Fonts for the Ghostscript interpre
ii lesstif2 1:0.93.94-11 OSF/Motif 2.1 implementation relea
ii libc6 2.3.2.ds1-19 GNU C Library: Shared libraries an
ii libfreetype6 2.1.7-2.3 FreeType 2 font engine, shared lib
ii libgcc1 1:3.4.3-6 GCC support library
ii libice6 4.3.0.dfsg.1-10 Inter-Client Exchange library
ii libpaper1 1.1.14-3 Library for handling paper charact
ii libsm6 4.3.0.dfsg.1-10 X Window System Session Management
ii libstdc++5 1:3.3.5-5 The GNU Standard C++ Library v3
ii libt1-5 5.0.2-3 Type 1 font rasterizer library - r
ii libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii libxp6 4.3.0.dfsg.1-10 X Window System printing extension
ii libxpm4 4.3.0.dfsg.1-10 X pixmap library
ii libxt6 4.3.0.dfsg.1-10 X Toolkit Intrinsics
ii xlibs 4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii xpdf-common 3.00-10 Portable Document Format (PDF) sui
ii zlib1g 1:1.2.2-4 compression library - runtime

-- no debconf information

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-id: <email address hidden>
Date: Wed, 22 Dec 2004 00:44:12 +0200
From: Lior Kaplan <email address hidden>
To: <email address hidden>
Subject: change it tags

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-id: <email address hidden>
Date: Wed, 22 Dec 2004 00:55:04 +0200
From: Lior Kaplan <email address hidden>
To: <email address hidden>
Subject: Processed: change it tags

Revision history for this message
Hendrik Weimer (hendrik-enyo) wrote : retitle

retitle 286742 [CAN-2004-1125] Multiple Vendor xpdf - Buffer Overflow Vulnerability

thanks

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: 22 Dec 2004 14:44:52 +0100
From: Hendrik Weimer <email address hidden>
To: <email address hidden>
Subject: retitle

Revision history for this message
Hamish Moffatt (hamish) wrote : Bug#286742: fixed in xpdf 3.00-11

Source: xpdf
Source-Version: 3.00-11

We believe that the bug you reported is fixed in the latest version of
xpdf, which is due to be installed in the Debian FTP archive:

xpdf-common_3.00-11_all.deb
  to pool/main/x/xpdf/xpdf-common_3.00-11_all.deb
xpdf-reader_3.00-11_i386.deb
  to pool/main/x/xpdf/xpdf-reader_3.00-11_i386.deb
xpdf-utils_3.00-11_i386.deb
  to pool/main/x/xpdf/xpdf-utils_3.00-11_i386.deb
xpdf_3.00-11.diff.gz
  to pool/main/x/xpdf/xpdf_3.00-11.diff.gz
xpdf_3.00-11.dsc
  to pool/main/x/xpdf/xpdf_3.00-11.dsc
xpdf_3.00-11_all.deb
  to pool/main/x/xpdf/xpdf_3.00-11_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hamish Moffatt <email address hidden> (supplier of updated xpdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

Format: 1.7
Date: Thu, 23 Dec 2004 08:16:24 +1100
Source: xpdf
Binary: xpdf-utils xpdf xpdf-reader xpdf-common
Architecture: source i386 all
Version: 3.00-11
Distribution: unstable
Urgency: high
Maintainer: Hamish Moffatt <email address hidden>
Changed-By: Hamish Moffatt <email address hidden>
Description:
 xpdf - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 286742
Changes:
 xpdf (3.00-11) unstable; urgency=high
 .
   * SECURITY UPDATE: fix potential buffer overflow
     Applied patch to colour map handling in xpdf/Gfx.cc (closes: #286742)
   * References: CAN-2004-1125
Files:
 223c9e58ffd757a496111d4510abecdd 879 text optional xpdf_3.00-11.dsc
 cd657ffcd7064c56072f49ffa615faff 47118 text optional xpdf_3.00-11.diff.gz
 9192691b67d2d95c3c0c06eb77d58f77 1274 text optional xpdf_3.00-11_all.deb
 eda3466b47a97061690143f0535e2d7a 55966 text optional xpdf-common_3.00-11_all.deb
 af07b2ee9207cedb374a30eb0ae2cd66 655150 text optional xpdf-reader_3.00-11_i386.deb
 e643fa1c583853ceb8fa44d5debb7249 1238468 text optional xpdf-utils_3.00-11_i386.deb


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Wed, 22 Dec 2004 16:47:37 -0500
From: Hamish Moffatt <email address hidden>
To: <email address hidden>
Subject: Bug#286742: fixed in xpdf 3.00-11

Revision history for this message
Martin Pitt (pitti) wrote :

Already fixed in Warty (USN-48-1) and Hoary.

Changed in xpdf:
status: Unknown → Fix Released