Debian Bug report logs - #286742
[CAN-2004-1125] Multiple Vendor xpdf - Buffer Overflow Vulnerability

version graph

Package: xpdf-reader; Maintainer for xpdf-reader is (unknown);

Reported by: Ido Kanner <kanerido@actcom.net.il>

Date: Tue, 21 Dec 2004 22:33:01 UTC

Severity: grave

Tags: patch, security

Found in version 3.00-10

Fixed in version xpdf/3.00-11

Done: Hamish Moffatt <hamish@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Hamish Moffatt <hamish@debian.org>:
Bug#286742; Package xpdf-reader. (full text, mbox, link).

Acknowledgement sent to Ido Kanner <kanerido@actcom.net.il>:
New Bug report received and forwarded. Copy sent to Hamish Moffatt <hamish@debian.org>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Ido Kanner <kanerido@actcom.net.il>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Multiple Vendor xpdf - Buffer Overflow Vulnerability
Date: Wed, 22 Dec 2004 00:21:53 +0200
Package: xpdf-reader
Version: 3.00-10
Severity: grave
Justification: user security hole


A security problem was found at xpdf at the address of:
http://www.securiteam.com/unixfocus/6U00T0AC0S.html

The vendor has released a patch for fixing the problem at the address:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch


Please apply this patch as soon as possible :)


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-1-686
Locale: LANG=he_IL.UTF-8, LC_CTYPE=he_IL.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)

Versions of packages xpdf depends on:
ii  xpdf-common                   3.00-10    Portable Document Format (PDF) sui
ii  xpdf-reader                   3.00-10    Portable Document Format (PDF) sui
ii  xpdf-utils                    3.00-10    Portable Document Format (PDF) sui

Versions of packages xpdf-reader depends on:
ii  gsfonts                  8.14+v8.11-0.1  Fonts for the Ghostscript interpre
ii  lesstif2                 1:0.93.94-11    OSF/Motif 2.1 implementation relea
ii  libc6                    2.3.2.ds1-19    GNU C Library: Shared libraries an
ii  libfreetype6             2.1.7-2.3       FreeType 2 font engine, shared lib
ii  libgcc1                  1:3.4.3-6       GCC support library
ii  libice6                  4.3.0.dfsg.1-10 Inter-Client Exchange library
ii  libpaper1                1.1.14-3        Library for handling paper charact
ii  libsm6                   4.3.0.dfsg.1-10 X Window System Session Management
ii  libstdc++5               1:3.3.5-5       The GNU Standard C++ Library v3
ii  libt1-5                  5.0.2-3         Type 1 font rasterizer library - r
ii  libx11-6                 4.3.0.dfsg.1-10 X Window System protocol client li
ii  libxext6                 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii  libxp6                   4.3.0.dfsg.1-10 X Window System printing extension
ii  libxpm4                  4.3.0.dfsg.1-10 X pixmap library
ii  libxt6                   4.3.0.dfsg.1-10 X Toolkit Intrinsics
ii  xlibs                    4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii  xpdf-common              3.00-10         Portable Document Format (PDF) sui
ii  zlib1g                   1:1.2.2-4       compression library - runtime

-- no debconf information

Tags added: security Request was from Lior Kaplan <webmaster@guides.co.il> to control@bugs.debian.org. (full text, mbox, link).

Tags added: patch Request was from Lior Kaplan <webmaster@guides.co.il> to control@bugs.debian.org. (full text, mbox, link).

Changed Bug title. Request was from Hendrik Weimer <hendrik@enyo.de> to control@bugs.debian.org. (full text, mbox, link).

Reply sent to Hamish Moffatt <hamish@debian.org>:
You have taken responsibility. (full text, mbox, link).

Notification sent to Ido Kanner <kanerido@actcom.net.il>:
Bug acknowledged by developer. (full text, mbox, link).

Message #16 received at 286742-close@bugs.debian.org (full text, mbox, reply):

From: Hamish Moffatt <hamish@debian.org>
To: 286742-close@bugs.debian.org
Subject: Bug#286742: fixed in xpdf 3.00-11
Date: Wed, 22 Dec 2004 16:47:37 -0500
Source: xpdf
Source-Version: 3.00-11

We believe that the bug you reported is fixed in the latest version of
xpdf, which is due to be installed in the Debian FTP archive:

xpdf-common_3.00-11_all.deb
  to pool/main/x/xpdf/xpdf-common_3.00-11_all.deb
xpdf-reader_3.00-11_i386.deb
  to pool/main/x/xpdf/xpdf-reader_3.00-11_i386.deb
xpdf-utils_3.00-11_i386.deb
  to pool/main/x/xpdf/xpdf-utils_3.00-11_i386.deb
xpdf_3.00-11.diff.gz
  to pool/main/x/xpdf/xpdf_3.00-11.diff.gz
xpdf_3.00-11.dsc
  to pool/main/x/xpdf/xpdf_3.00-11.dsc
xpdf_3.00-11_all.deb
  to pool/main/x/xpdf/xpdf_3.00-11_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 286742@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hamish Moffatt <hamish@debian.org> (supplier of updated xpdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----

Format: 1.7
Date: Thu, 23 Dec 2004 08:16:24 +1100
Source: xpdf
Binary: xpdf-utils xpdf xpdf-reader xpdf-common
Architecture: source i386 all
Version: 3.00-11
Distribution: unstable
Urgency: high
Maintainer: Hamish Moffatt <hamish@debian.org>
Changed-By: Hamish Moffatt <hamish@debian.org>
Description: 
 xpdf       - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 286742
Changes: 
 xpdf (3.00-11) unstable; urgency=high
 .
   * SECURITY UPDATE: fix potential buffer overflow
     Applied patch to colour map handling in xpdf/Gfx.cc (closes: #286742)
   * References: CAN-2004-1125
Files: 
 223c9e58ffd757a496111d4510abecdd 879 text optional xpdf_3.00-11.dsc
 cd657ffcd7064c56072f49ffa615faff 47118 text optional xpdf_3.00-11.diff.gz
 9192691b67d2d95c3c0c06eb77d58f77 1274 text optional xpdf_3.00-11_all.deb
 eda3466b47a97061690143f0535e2d7a 55966 text optional xpdf-common_3.00-11_all.deb
 af07b2ee9207cedb374a30eb0ae2cd66 655150 text optional xpdf-reader_3.00-11_i386.deb
 e643fa1c583853ceb8fa44d5debb7249 1238468 text optional xpdf-utils_3.00-11_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iQCVAwUBQcnmCdiYIdPvprnVAQFptQP6A8r2Xq2th/QTXXB6wbBAkg2qGx1txPJF
r1m/PDD2mBDB2YWBli/PALXUp7Nt6pntaCrFbizuM2J0lZmtZ4QrpZSdi1YIKvux
dHtbJy0fUd/AnlX1CLsKg9C3jWrFjEaQqsF0YNlYDZxTYCpcuJe1KJApBkNEfiQk
2rgfBMdOeUo=
=j8a9
-----END PGP SIGNATURE-----

Bug unarchived. Request was from Stefano Zacchiroli <zack@debian.org> to control@bugs.debian.org. (Sun, 10 Apr 2011 08:44:35 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 09 May 2011 07:41:04 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Oct 11 12:08:14 2017; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.