Comment 0 for bug 11418

Revision history for this message
In , Martin Pitt (pitti) wrote :

Package: xpdf
Version: 3.0.0-10
Severity: grave
Tags: security patch
Justification: user security hole

Hi Hamish!

xpdf is vulnerable to CAN-2004-1125, see

  http://www.idefense.com/application/poi/display?id=172

for details.

Woody is probably affected as well, but I did not check that.

You can get the Ubuntu security patch from

  http://patches.ubuntu.com/patches/xpdf.CAN-2004-1125.diff

Please note that xpdf code is also present in other packages like
tetex-bin, CUPS, gpdf, kpdf, kfax, xv, and possibly others. I already
patched the Ubuntu versions of tetex-bin and CUPS, I will write
separate bugs for these two packages.

Thanks,

Martin

--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian GNU/Linux Developer http://www.debian.org