This bug was fixed in the package xpdf - 3.02-9ubuntu1.1
---------------
xpdf (3.02-9ubuntu1.1) maverick-security; urgency=low
* SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
cause a denial of service (crash) via unknown vectors that trigger an
uninitialized pointer dereference. (LP: #701220)
- cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael
Gilbert)
- CVE-2010-3702
* SECURITY UPDATE: FoFiType1::parse function allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a PDF file with a crafted Type1 font that contains a
negative array index, which bypasses input validation and which triggers
memory corruption. (LP: #701220)
- cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael
Gilbert)
- CVE-2010-3704
-- Brian Thomason <[email protected]> Thu, 20 Jan 2011 17:05:14
-0500
** Changed in: xpdf (Ubuntu Maverick)
Status: Fix Committed => Fix Released
** Changed in: xpdf (Ubuntu Lucid)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/701220
Title:
[Security] xpdf - CVE-2010-3702,3704
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
