Author: jmm-guest Date: 2006-01-06 12:43:30 +0000 (Fri, 06 Jan 2006) New Revision: 3240 Modified: data/CVE/list Log: four more security problems in xpdf code, as usual applies to eight source packages. For etch we need to port as many packages as possible to use the poppler lib, Ubuntu has some patches as mpitt told me. If someone has some time available please dig up the patches and contact the respective maintainers. Maybe we can even link xpdf itself against poppler :-) Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-06 10:39:57 UTC (rev 3239) +++ data/CVE/list 2006-01-06 12:43:30 UTC (rev 3240) @@ -2501,14 +2501,18 @@ RESERVED CVE-2005-3628 RESERVED -CVE-2005-3627 +CVE-2005-3627 [xpdf buffer overflow] RESERVED -CVE-2005-3626 + - poppler 0.4.3-2 +CVE-2005-3626 [xpdf null pointer dos] RESERVED -CVE-2005-3625 + - poppler 0.4.3-2 +CVE-2005-3625 [xpdf endless loop] RESERVED -CVE-2005-3624 + - poppler 0.4.3-2 +CVE-2005-3624 [xpdf heap overflow] RESERVED + - poppler 0.4.3-2 CVE-2005-3623 [Incorrect ACLs only read-only NFS shares] RESERVED [sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs) @@ -3957,7 +3961,8 @@ - pdftohtml <unfixed> (bug #342289; medium) - kdegraphics 4:3.4.3-4 (bug #342287; medium) NOTE: Previous kdegraphics fix was incomplete - - poppler 0.4.2-1.1 (bug #342288; medium) + - poppler 0.4.3-2 (bug #342288; medium) + NOTE: Intial poppler patch in 0.4.2-1.1 was incomplete - tetex-bin 3.0-11 (bug #342292; medium) - koffice 1:1.4.2-5 (bug #342294; medium) - libextractor 0.5.8-1 (medium)
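Review bot: In the first hunk (@@ -2501), the four entries CVE-2005-3627 through CVE-2005-3624 each gain only a `- poppler 0.4.3-2` line, although the log message says the problems apply to eight source packages, so the other packages carrying xpdf code are not tracked as open under these IDs. Suggest adding one line per affected package marked `<unfixed>`, following the package list that appears as context in the second hunk (pdftohtml, kdegraphics, tetex-bin, koffice, libextractor). The new poppler lines also carry no bug reference or urgency, unlike the `(bug #342288; medium)` style used on the existing poppler line further down; add them if a bug has been filed.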
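Review bot: In the second hunk (@@ -3957), the added NOTE line misspells "Initial" as "Intial"; suggest `NOTE: Initial poppler patch in 0.4.2-1.1 was incomplete`. The placement directly under the poppler line matches the existing kdegraphics NOTE above it, which is good. Since the fixed version here changes from 0.4.2-1.1 to 0.4.3-2, the same version recorded for the four new entries in the first hunk, please confirm that 0.4.3-2 completes the fix for this earlier issue in addition to fixing the new ones.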