[util-issues] [Issue 87890] xpdf security buggy.

Fri, 04 Apr 2008 11:33:04 -0700 

To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=87890





------- Additional comments from [EMAIL PROTECTED] Fri Apr  4 18:33:00 +0000 
2008 -------
This is the changelog since 3.02-1:

xpdf (3.02-1.3) unstable; urgency=high

  * Non-maintainer upload by testing security team.
  * Included fix-CVE-2007-5393_2007-5392_2007-4352.dpatch to address the
    following security issues (Closes: #450629)
    - CVE-2007-5393 buffer overflow in the CCITTFaxStream::lookChar leading
      to arbitrary code execution via a crafted pdf file.
    - CVE-2007-5392 integer overflow in the DCTStream::reset resulting in a
      heap based buffer overflow allows code execution.
    - CVE-2007-4352 array index error in DCTStream::readProgressiveDataUnit
      leads to memory corruption and possibly arbitrary code execution.

 -- Nico Golde <[EMAIL PROTECTED]>  Fri, 09 Nov 2007 09:22:19 +0100

xpdf (3.02-1.2) unstable; urgency=high

  * Non-maintainer upload by testing security team.
  * Removed post-3.5.7-kdegraphics-CVE-2007-3387.diff.dpatch and
    created fix-CVE-2007-3387_CVE-2007-5049.dpatch to have a fix
    for CVE-2007-3387 and a buffer overflow in GetNextLine()
    (CVE-2007-5049) since they are related (Closes: #443906).

 -- Nico Golde <[EMAIL PROTECTED]>  Thu, 27 Sep 2007 12:05:46 +0200

xpdf (3.02-1.1) unstable; urgency=high

  * Non-maintainer upload with permission of the maintainer
  * Fix integer overflow in the StreamPredictor::StreamPredictor
    function by adding post-3.5.7-kdegraphics-CVE-2007-3387.diff.dpatch
    (Closes: #435462) Fixes: CVE-2007-3387

 -- Steffen Joeris <[EMAIL PROTECTED]>  Tue, 07 Aug 2007 14:00:34 +1000

only a loads of security fixes.

---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to