Your message dated Sun, 18 Apr 2010 01:55:04 +0000
with message-id <[email protected]>
and subject line Bug#551287: fixed in xpdf 3.02-1.4+lenny2
has caused the Debian Bug report #551287,
regarding xpdf: integer overflow and null ptr dereference vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
551287: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: xpdf
version: 3.01-9.1
severity: serious
tags: security
hi,
it has been disclosed that xpdf is vulnerable to multiple new
vulnerabilities [0]. these issues are also applicable to xpdf in both
stable and oldstable, so please coordinate with the security team to
release patched versions. thanks.
mike
[0] http://seclists.org/fulldisclosure/2009/Oct/227
--- End Message ---
--- Begin Message ---
Source: xpdf
Source-Version: 3.02-1.4+lenny2
We believe that the bug you reported is fixed in the latest version of
xpdf, which is due to be installed in the Debian FTP archive:
xpdf-common_3.02-1.4+lenny2_all.deb
to main/x/xpdf/xpdf-common_3.02-1.4+lenny2_all.deb
xpdf-reader_3.02-1.4+lenny2_i386.deb
to main/x/xpdf/xpdf-reader_3.02-1.4+lenny2_i386.deb
xpdf-utils_3.02-1.4+lenny2_i386.deb
to main/x/xpdf/xpdf-utils_3.02-1.4+lenny2_i386.deb
xpdf_3.02-1.4+lenny2.diff.gz
to main/x/xpdf/xpdf_3.02-1.4+lenny2.diff.gz
xpdf_3.02-1.4+lenny2.dsc
to main/x/xpdf/xpdf_3.02-1.4+lenny2.dsc
xpdf_3.02-1.4+lenny2_all.deb
to main/x/xpdf/xpdf_3.02-1.4+lenny2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luciano Bello <[email protected]> (supplier of updated xpdf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 22 Mar 2010 17:07:50 -0300
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: source all i386
Version: 3.02-1.4+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Hamish Moffatt <[email protected]>
Changed-By: Luciano Bello <[email protected]>
Description:
xpdf - Portable Document Format (PDF) suite
xpdf-common - Portable Document Format (PDF) suite -- common files
xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 551287
Changes:
xpdf (3.02-1.4+lenny2) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixes multiple security issues (Closes: #551287):
- CVE-2009-1188 and CVE-2009-3603:
Integer overflow in SplashBitmap::SplashBitmap which might allow remote
attackers to execute arbitrary code or an application crash via a crafted
PDF document.
- CVE-2009-3604:
NULL pointer dereference or heap-based buffer overflow in
Splash::drawImage which might allow remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
crafted PDF document.
- CVE-2009-3606:
Integer overflow in the PSOutputDev::doImageL1Sep which might allow
remote attackers to execute arbitrary code via a crafted PDF document.
- CVE-2009-3608:
Integer overflow in the ObjectStream::ObjectStream which might allow
remote attackers to execute arbitrary code via a crafted PDF document.
- CVE-2009-3609:
Integer overflow in the ImageStream::ImageStream which might allow
remote attackers to cause a denial of service via a crafted PDF
document.
Checksums-Sha1:
23f1907d3f4d2ca0dbecda240917c7243711bd11 1274 xpdf_3.02-1.4+lenny2.dsc
d5968e5a0e8143bffafc42268303e90f7d7fed69 44597 xpdf_3.02-1.4+lenny2.diff.gz
412b9ac40836deab02e1de28a5601417bc0c7415 1270 xpdf_3.02-1.4+lenny2_all.deb
23ea3b75125c0885f774c22972f12b53137412eb 66414
xpdf-common_3.02-1.4+lenny2_all.deb
48de8a31c12d92c8e0ff4484a98895eac383b93d 876446
xpdf-reader_3.02-1.4+lenny2_i386.deb
a220195f12ec2be7cc0cbafbbea6a1235f6f4700 1611516
xpdf-utils_3.02-1.4+lenny2_i386.deb
Checksums-Sha256:
ab9f38563ad8dd6d1c5a06cd7aeea07184eddc33be6a5ac26e9ea33253092add 1274
xpdf_3.02-1.4+lenny2.dsc
4f08f07b26625f3952583455bc7d286b14aa887e853c5273a6b712ddc3a0f929 44597
xpdf_3.02-1.4+lenny2.diff.gz
e21ab043f15ce40b35d48ea8dd3152db735277b0c50953d6edefe35113c61a08 1270
xpdf_3.02-1.4+lenny2_all.deb
2b5b45ecacef62cdf7eb9f3bdcf3eae0c036b5fb8d9066b398a64e4f4a968e1b 66414
xpdf-common_3.02-1.4+lenny2_all.deb
532a0f4cf6622a7a19f3035ff609385663e39f8b134eb19cbe55ab4b3a94fa3c 876446
xpdf-reader_3.02-1.4+lenny2_i386.deb
33c01a2f9a31899330a4b3d2356f520dd97f692fa9085abce940aad6060f1c09 1611516
xpdf-utils_3.02-1.4+lenny2_i386.deb
Files:
6cffe3ed50825b5a2746b71c4bd073ac 1274 text optional xpdf_3.02-1.4+lenny2.dsc
d25be5fd97c9d9171db95025b7c32c5a 44597 text optional
xpdf_3.02-1.4+lenny2.diff.gz
6a4da9738ca93522b57cafadb598ca65 1270 text optional
xpdf_3.02-1.4+lenny2_all.deb
24f28ede9dcaeeb2b7aa24b9603496be 66414 text optional
xpdf-common_3.02-1.4+lenny2_all.deb
c6e9ebb6d5873552e886e33d92aa4f49 876446 text optional
xpdf-reader_3.02-1.4+lenny2_i386.deb
c73e47d9c96298940bd458c7e8879209 1611516 text optional
xpdf-utils_3.02-1.4+lenny2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkuuXw0ACgkQQWTRs4lLtHnqPwCgrAN8UTzSMIsHZghcri/vMcvE
CVYAoLigcS8qK2KiBK8mQW2tuB0GUhBt
=PxvG
-----END PGP SIGNATURE-----
--- End Message ---