#2497: Stream.cxx vulnerabilities (cups, poppler, xpdf)
--------------------------------------+-------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: [EMAIL PROTECTED]
Type: task | Status: assigned
Priority: normal | Milestone: 6.3
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
--------------------------------------+-------------------------------------
Changes (by [EMAIL PROTECTED]):

* summary: cups latest vulnerability => Stream.cxx vulnerabilities (cups, poppler, xpdf)

Old description:

> CVE-2008-0047 (heap overflow, versions up to 1.3.5).
>
> I've been using 1.2.12 for a long while, and just started using 1.3.6 on
> newer systems. I've got the patches OpenSuse use on 1.2.12 (also
> CVE-2007-4352 and CVE-2007-5392), I can take a look at putting those in
> for 6.3.

New description:

CVE-2008-0047 (heap overflow, cups versions up to 1.3.5).

I've been using 1.2.12 for a long while, and just started using 1.3.6 on
newer systems. I've got the patches OpenSuse use on 1.2.12 (also
CVE-2007-4352 and CVE-2007-5392), I can take a look at putting those in
for 6.3.

Investigation also showed Suse patch for CVE-2007-3387 - all of these are
in Stream.cxx, from xpdf, so I've renamed the ticket.

They variously affect xpdf-3.02 < pl2 (no comments on foolabs about what
pl2 fixes, but some of these are against pl1), poppler < 0.5.91, also old
gpdf which is not in the book, and kpdf, kgraphics - kde should be fixed
by 3.5.9 or earlier, but I can see kdegraphics appeared to use poppler on
one of my systems.

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/2497#comment:2>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch