Debian Bug report logs -
#342289
xpdf security problems partially affect pdftohtml as well
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 6 Dec 2005 22:04:31 UTC
Severity: grave
Tags: security
Fixed in version 0.36-12
Done: Frederic Peters <fpeters@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>:
Bug#342289; Package pdftohtml.
(full text, mbox, link).
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: pdftohtml
Severity: grave
Tags: security
Justification: user security hole
Some security problems have been found in xpdf, of which pdftohtml ships
a local copy. It is therefore vulnerable to a subset of the xpdf issues
(not all of them, as it ships an older copy than current xpdf):
CVE-2005-3191:
http://www.idefense.com/application/poi/display?id=342
http://www.idefense.com/application/poi/display?id=343
CVE-2005-3192:
http://www.idefense.com/application/poi/display?id=344
pdftohtml is not vulnerable to CVE-2005-3193.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Reply sent to Frederic Peters <fpeters@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #10 received at 342289-done@bugs.debian.org (full text, mbox, reply):
Version: 0.36-12
xpdf patch has been applied in 0.36-12.
Frederic
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 27 Jun 2007 00:54:24 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Fri Aug 2 02:10:27 2024;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.