Message-ID: <email address hidden> Date: Thu, 23 Dec 2004 13:51:27 +0100 From: Martin Pitt <email address hidden> To: Debian Bug Tracking System <email address hidden> Cc: <email address hidden> Subject: xpdf: Vulnerable to CAN-2004-1125
--45Z9DzgjV8m4Oswq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable
Package: xpdf Version: 3.0.0-10 Severity: grave Tags: security patch Justification: user security hole
Hi Hamish!
xpdf is vulnerable to CAN-2004-1125, see
http://www.idefense.com/application/poi/display?id=3D172
for details.
Woody is probably affected as well, but I did not check that.
You can get the Ubuntu security patch from
http://patches.ubuntu.com/patches/xpdf.CAN-2004-1125.diff
Please note that xpdf code is also present in other packages like tetex-bin, CUPS, gpdf, kpdf, kfax, xv, and possibly others. I already patched the Ubuntu versions of tetex-bin and CUPS, I will write separate bugs for these two packages.
Thanks,
Martin
--=20 Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian GNU/Linux Developer http://www.debian.org
--45Z9DzgjV8m4Oswq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFByr9PDecnbV4Fd/IRAlXIAKCNeZyHtzOXKupSgBVTwXPQJ/XCWwCfQD99 1L9LCGqgQcOLiPC2ITJmbnA= =U9lr -----END PGP SIGNATURE-----
--45Z9DzgjV8m4Oswq--
Message-ID: <email address hidden>
Date: Thu, 23 Dec 2004 13:51:27 +0100
From: Martin Pitt <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Cc: <email address hidden>
Subject: xpdf: Vulnerable to CAN-2004-1125
--45Z9DzgjV8m4Oswq Disposition: inline Transfer- Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Content-
Content-
Package: xpdf
Version: 3.0.0-10
Severity: grave
Tags: security patch
Justification: user security hole
Hi Hamish!
xpdf is vulnerable to CAN-2004-1125, see
http:// www.idefense. com/application /poi/display? id=3D172
for details.
Woody is probably affected as well, but I did not check that.
You can get the Ubuntu security patch from
http:// patches. ubuntu. com/patches/ xpdf.CAN- 2004-1125. diff
Please note that xpdf code is also present in other packages like
tetex-bin, CUPS, gpdf, kpdf, kfax, xv, and possibly others. I already
patched the Ubuntu versions of tetex-bin and CUPS, I will write
separate bugs for these two packages.
Thanks,
Martin
--=20 www.piware. de www.ubuntulinux .org www.debian. org
Martin Pitt http://
Ubuntu Developer http://
Debian GNU/Linux Developer http://
--45Z9DzgjV8m4Oswq pgp-signature; name="signature .asc" Description: Digital signature Disposition: inline
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
nbV4Fd/ IRAlXIAKCNeZyHt zOXKupSgBVTwXPQ J/XCWwCfQD99 2ITJmbnA=
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFByr9PDec
1L9LCGqgQcOLiPC
=U9lr
-----END PGP SIGNATURE-----
--45Z9DzgjV8m4O swq--