Comment 2 for bug 11418

Message-ID: <email address hidden>
Date: Thu, 23 Dec 2004 13:51:27 +0100
From: Martin Pitt <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Cc: <email address hidden>
Subject: xpdf: Vulnerable to CAN-2004-1125

--45Z9DzgjV8m4Oswq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: xpdf
Version: 3.0.0-10
Severity: grave
Tags: security patch
Justification: user security hole

Hi Hamish!

xpdf is vulnerable to CAN-2004-1125, see

  http://www.idefense.com/application/poi/display?id=3D172

for details.

Woody is probably affected as well, but I did not check that.

You can get the Ubuntu security patch from

  http://patches.ubuntu.com/patches/xpdf.CAN-2004-1125.diff

Please note that xpdf code is also present in other packages like
tetex-bin, CUPS, gpdf, kpdf, kfax, xv, and possibly others. I already
patched the Ubuntu versions of tetex-bin and CUPS, I will write
separate bugs for these two packages.

Thanks,

Martin

--=20
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian GNU/Linux Developer http://www.debian.org

--45Z9DzgjV8m4Oswq
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFByr9PDecnbV4Fd/IRAlXIAKCNeZyHtzOXKupSgBVTwXPQJ/XCWwCfQD99
1L9LCGqgQcOLiPC2ITJmbnA=
=U9lr
-----END PGP SIGNATURE-----

--45Z9DzgjV8m4Oswq--