Your message dated Sun, 18 Jul 2010 15:27:33 +0900
with message-id <[email protected]>
and subject line The buggy code is not build ?
has caused the Debian Bug report #406852,
regarding xpdf: CVE-2007-0104 rogue Pages setting or catalog dictionary
security hole
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
406852: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406852
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Subject: xpdf: CVE-2007-0104 rogue Pages setting or catalog dictionary security
hole
Package: xpdf-reader
Version: 3.01-9
Severity: normal
Tags: security
Hello,
I noticed this security advisory about xpdf v3.0.1 (patch 2) and
probably greater versions.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104
http://projects.info-pull.com/moab/MOAB-06-01-2007.html
Here is an excerpt:
"The current specification is affected by a design flaw: a rogue Pages
setting or malicious catalog dictionary will lead to unexpected
conditions. This is apparently not contemplated, and it's assumed that
the PDF will contain valid references to its page tree node and other
objects. Thus, when an invalid page tree node or object is referenced,
the application behavior is undefined. Potential conditions include, but
aren't limited to: memory corruption (dereferencing invalid pointers,
stack overflow/recursion, heap-based overflow), memory leaks and denial
of service (ex. infinite loop on page tree parsing)."
Note that this vulnerability affects other programs based on the xpdf
source.
"Note: Affects software based on its source as well (gv, kpdf, poppler,
etc)."
David
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-rc3-l4
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages xpdf depends on:
ii xpdf-common 3.01-9 Portable Document Format (PDF) sui
ii xpdf-reader 3.01-9 Portable Document Format (PDF) sui
ii xpdf-utils 3.01-9 Portable Document Format (PDF) sui
xpdf recommends no packages.
Versions of packages xpdf-reader depends on:
ii gsfonts 1:8.11+urwcyr1.0.7~pre41-1 Fonts for the Ghostscript interpre
ii lesstif2 1:0.94.4-2 OSF/Motif 2.1 implementation relea
ii libc6 2.3.6.ds1-10 GNU C Library: Shared libraries
ii libfreetype6 2.2.1-5 FreeType 2 font engine, shared lib
ii libgcc1 1:4.1.1-21 GCC support library
ii libice6 1:1.0.1-2 X11 Inter-Client Exchange library
ii libpaper1 1.1.21 Library for handling paper charact
ii libsm6 1:1.0.1-3 X11 Session Management library
ii libstdc++6 4.1.1-21 The GNU Standard C++ Library v3
ii libt1-5 5.1.0-2 Type 1 font rasterizer library - r
ii libx11-6 2:1.0.3-4 X11 client-side library
ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar
ii libxp6 1:1.0.0.xsf1-1 X Printing Extension (Xprint) clie
ii libxpm4 1:3.5.5-2 X11 pixmap library
ii libxt6 1:1.0.2-2 X11 toolkit intrinsics library
ii xpdf-common 3.01-9 Portable Document Format (PDF) sui
ii zlib1g 1:1.2.3-13 compression library - runtime
-- no debconf information
--- End Message ---
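The failure modes listed in the advisory excerpt above (invalid references, unbounded recursion, an infinite loop while parsing the page tree) are what a defensive page tree walk has to rule out. The following is an added example, not part of either message and not xpdf's or poppler's Catalog code: the object table model, the names Node, walk and pageCount, and the depth limit of 64 are all assumptions made for illustration.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <vector>

// Constructed toy model of a PDF object table (not xpdf's classes):
// object number -> node type plus the object numbers listed in /Kids.
struct Node {
    std::string type;       // "Pages" (interior node) or "Page" (leaf)
    std::vector<int> kids;
};
using ObjTable = std::map<int, Node>;

const int kMaxDepth = 64;   // assumed nesting limit, not taken from the PDF spec

// Counts leaf pages under `ref`; returns -1 if the tree is malformed.
static int walk(const ObjTable &objs, int ref, std::set<int> &seen, int depth) {
    if (depth > kMaxDepth) return -1;         // bounds recursion and stack use
    auto it = objs.find(ref);
    if (it == objs.end()) return -1;          // reference to a missing object
    if (!seen.insert(ref).second) return -1;  // reached twice: cycle or shared node
    const Node &n = it->second;
    if (n.type == "Page") return 1;
    if (n.type != "Pages") return -1;         // /Kids entry is not a page tree node
    int total = 0;
    for (int kid : n.kids) {
        int c = walk(objs, kid, seen, depth + 1);
        if (c < 0) return -1;                 // reject the whole tree on any error
        total += c;
    }
    return total;
}

int pageCount(const ObjTable &objs, int root) {
    std::set<int> seen;
    return walk(objs, root, seen, 0);
}

// Constructed inputs: a valid tree, a node listing its ancestor, a dangling kid.
ObjTable validTree()    { return {{1, {"Pages", {2, 3}}}, {2, {"Page", {}}}, {3, {"Pages", {4}}}, {4, {"Page", {}}}}; }
ObjTable cyclicTree()   { return {{1, {"Pages", {2}}}, {2, {"Pages", {1}}}}; }
ObjTable danglingTree() { return {{1, {"Pages", {2, 9}}}, {2, {"Page", {}}}}; }

int main() {
    std::printf("valid=%d cyclic=%d dangling=%d\n", pageCount(validTree(), 1),
                pageCount(cyclicTree(), 1), pageCount(danglingTree(), 1));
    return 0;
}
```

Treating any node reached twice as an error also rejects shared subtrees, which keeps the walk linear in the number of objects.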
--- Begin Message ---
reassign 406852 xpdf
fixed 406852 3.02-9
thanks
It looks like we are not building buggy code since we use poppler as
a library after 3.02-9. If I am mistaken, please reopen this.
$ debian/rules prepare
mkdir -p build
cp goo/parseargs.* xpdf/CoreOutputDev.* xpdf/GlobalParams.* build
cp xpdf/PDFCore.* xpdf/XPDFApp.* xpdf/XPDFCore.* xpdf/XPDFTree.* build
cp xpdf/XPDFTreeP.h xpdf/XPDFViewer.* xpdf/xpdf.cc build
# perform extensive goo rename (as required by poppler)
sed -i s/GString/GooString/g build/*
sed -i s/GMutex/GooMutex/g build/*
sed -i s/GHash/GooHash/g build/*
sed -i s/GList/GooList/g build/*
sed -i s/\<aconf\.h\>/\<poppler-config\.h\>/g build/*
cp xpdf/config.h xpdf/about-text.h xpdf/*.xbm xpdf/xpdfIcon.xpm build
Patch is against non-used portion.
diff -urNad xpdf-3.01~/xpdf/Catalog.cc xpdf-3.01/xpdf/Catalog.cc
--- xpdf-3.01~/xpdf/Catalog.cc 2005-08-16 22:34:31.000000000 -0700
+++ xpdf-3.01/xpdf/Catalog.cc 2007-01-24 17:03:21.143417464 -0800
Osamu
--- End Message ---