Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>: Bug#342289; Package pdftohtml.
(full text, mbox, link).
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>.
(full text, mbox, link).
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xpdf security problems partially affect pdftohtml as well
Date: Tue, 06 Dec 2005 22:52:31 +0100
Package: pdftohtml
Severity: grave
Tags: security
Justification: user security hole
Some security problems have been found in xpdf, of which pdftohtml ships
a local copy. It is therefore vulnerable to a subset of the xpdf issues
(not all of them, as it ships an older copy than current xpdf):
CVE-2005-3191:
http://www.idefense.com/application/poi/display?id=342http://www.idefense.com/application/poi/display?id=343CVE-2005-3192:
http://www.idefense.com/application/poi/display?id=344
pdftohtml is not vulnerable to CVE-2005-3193.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Reply sent to Frederic Peters <fpeters@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.