Debian Bug report logs - #342289
xpdf security problems partially affect pdftohtml as well

version graph

Package: pdftohtml; Maintainer for pdftohtml is Frederic Peters <fpeters@debian.org>;

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 6 Dec 2005 22:04:31 UTC

Severity: grave

Tags: security

Fixed in version 0.36-12

Done: Frederic Peters <fpeters@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>:
Bug#342289; Package pdftohtml. Full text and rfc822 format available.
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xpdf security problems partially affect pdftohtml as well
Date: Tue, 06 Dec 2005 22:52:31 +0100

Package: pdftohtml
Severity: grave
Tags: security
Justification: user security hole

Some security problems have been found in xpdf, of which pdftohtml ships
a local copy. It is therefore vulnerable to a subset of the xpdf issues
(not all of them, as it ships an older copy than current xpdf):

CVE-2005-3191:
http://www.idefense.com/application/poi/display?id=342
http://www.idefense.com/application/poi/display?id=343

CVE-2005-3192:
http://www.idefense.com/application/poi/display?id=344

pdftohtml is not vulnerable to CVE-2005-3193.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Reply sent to Frederic Peters <fpeters@debian.org>:
You have taken responsibility. Full text and rfc822 format available.
Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 342289-done@bugs.debian.org (full text, mbox):

From: Frederic Peters <fpeters@debian.org>
To: 342289-done@bugs.debian.org
Subject: fixed in 0.36-12
Date: Wed, 10 May 2006 20:37:17 +0200

Version: 0.36-12

xpdf patch has been applied in 0.36-12.


        Frederic
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Jun 2007 00:54:24 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Feb 9 19:26:19 2010; Machine Name: busoni.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.