Debian Bug report logs - #342289
xpdf security problems partially affect pdftohtml as well

version graph

Package: pdftohtml; Maintainer for pdftohtml is (unknown);

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 6 Dec 2005 22:04:31 UTC

Severity: grave

Tags: security

Fixed in version 0.36-12

Done: Frederic Peters <fpeters@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>:
Bug#342289; Package pdftohtml. (full text, mbox, link).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>. (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xpdf security problems partially affect pdftohtml as well
Date: Tue, 06 Dec 2005 22:52:31 +0100
Package: pdftohtml
Severity: grave
Tags: security
Justification: user security hole

Some security problems have been found in xpdf, of which pdftohtml ships
a local copy. It is therefore vulnerable to a subset of the xpdf issues
(not all of them, as it ships an older copy than current xpdf):

CVE-2005-3191:
http://www.idefense.com/application/poi/display?id=342
http://www.idefense.com/application/poi/display?id=343

CVE-2005-3192:
http://www.idefense.com/application/poi/display?id=344

pdftohtml is not vulnerable to CVE-2005-3193.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Reply sent to Frederic Peters <fpeters@debian.org>:
You have taken responsibility. (full text, mbox, link).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (full text, mbox, link).


Message #10 received at 342289-done@bugs.debian.org (full text, mbox, reply):

From: Frederic Peters <fpeters@debian.org>
To: 342289-done@bugs.debian.org
Subject: fixed in 0.36-12
Date: Wed, 10 May 2006 20:37:17 +0200
Version: 0.36-12

xpdf patch has been applied in 0.36-12.


        Frederic



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Jun 2007 00:54:24 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Aug 2 02:10:27 2024; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.