Fedora Legacy Test Update Notification: gpdf

Marc Deslauriers marcdeslauriers at videotron.ca
Fri Feb 4 22:30:53 UTC 2005 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2353
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2353
2005-02-04
---------------------------------------------------------------------

Name        : gpdf
Versions    : fc1: gpdf-0.110-1.4.legacy
Summary     : viewer for Portable Document Format (PDF) files for GNOME
Description :
This is GPdf, a viewer for Portable Document Format (PDF) files for
GNOME. GPdf is based on the Xpdf program and uses additional GNOME
libraries for better desktop integration.

---------------------------------------------------------------------
Update Information:

An updated gpdf package that fixes a number of integer overflow security
flaws is now available.

GPdf is a viewer for Portable Document Format (PDF) files for GNOME.

During a source code audit, Chris Evans and others discovered a number
of integer overflow bugs that affected all versions of xpdf. These
issues also affect gpdf as it is based on xpdf source code. An attacker
could construct a carefully crafted PDF file that could cause gpdf to
crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0888 to this issue.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf.
This flaw also affects gpdf as it is based on xpdf source code. An
attacker could construct a carefully crafted PDF file that could cause
gpdf to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1125 to this issue.

A buffer overflow flaw was found when processing the /Encrypt /Length
tag. An attacker could construct a carefully crafted PDF file that could
cause gpdf to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0064 to this issue.

Users of gpdf are advised to upgrade to this errata package, which
contains backported patches correcting these issues.

---------------------------------------------------------------------
Changelogs

fc1:
* Wed Jan 19 2005 Rob Myers <rob.myers at gtri.gatech.edu> 0.110-1.4.legacy
- patch for CAN-2005-0064 (FL #2353)
- use better patch for CAN-2004-1125

* Wed Dec 22 2004 Rob Myers <rob.myers at gtri.gatech.edu> 0.110-1.3.legacy
- add patch for CAN-2004-1125 (FL #2353)

* Tue Nov 30 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 
0.110-1.2.legacy
- Added missing gettext BuildRequires

* Thu Oct 28 2004 Rob Myers <rob.myers at gtri.gatech.edu> 0.110-1.1.legacy
- patch for CAN-2004-0888 CAN-2004-0889 (FL #2186, #2195)

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

fc1:
63438a137ac33d1355bc6b8065fef0a03dde7e68 
fedora/1/updates-testing/i386/gpdf-0.110-1.4.legacy.i386.rpm
19c4e9fd40a135b4ad782c228990edcdc38dad04 
fedora/1/updates-testing/SRPMS/gpdf-0.110-1.4.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050204/20a1df3c/attachment.sig>

More information about the fedora-legacy-list mailing list