Fedora Legacy Test Update Notification: xpdf

Marc Deslauriers marcdeslauriers at videotron.ca
Fri Feb 4 22:31:23 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2352
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2352
2005-02-04
---------------------------------------------------------------------

Name        : xpdf
Versions    : rh7.3: xpdf-1.00-7.4.legacy
Versions    : rh9: xpdf-2.01-11.3.legacy
Versions    : fc1: xpdf-2.03-1.3.legacy
Summary     : A PDF file viewer for the X Window System.
Description :
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.

---------------------------------------------------------------------
Update Information:

Updated Xpdf packages that fix several security issues are now
available.

Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files.

During a source code audit, Chris Evans and others discovered a number
of integer overflow bugs that affected all versions of xpdf. An attacker
could construct a carefully crafted PDF file that could cause xpdf to
crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0888 to this issue.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf.
An attacker could construct a carefully crafted PDF file that could
cause Xpdf to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1125 to this issue.

A buffer overflow flaw was found when processing the /Encrypt /Length
tag. An attacker could construct a carefully crafted PDF file that could
cause Xpdf to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0064 to this issue.
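
The two bug classes named above (integer overflow in size arithmetic, and an unchecked length taken from the /Encrypt /Length entry) are closed by the kind of checks sketched below. This is an added example, not the xpdf source or the backported patches. The function names, the 16-byte key buffer, and the 40..128-bit range (the range PDF 1.4-1.7 allows for /Length) are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_BUF_BYTES 16 /* assumed fixed-size key buffer (128 bits) */

/* /Length is an untrusted bit count. Accept only a multiple of 8 in
 * 40..128 (assumed range, see lead-in); return bytes, or -1. */
int key_bytes_from_length(long length_bits)
{
    if (length_bits < 40 || length_bits > 128 || length_bits % 8 != 0)
        return -1;
    return (int)(length_bits / 8);
}

/* Copy key material only after the length has been checked against both
 * the source and the fixed destination. Returns bytes copied, or -1. */
int load_key(unsigned char dst[KEY_BUF_BYTES], const unsigned char *src,
             size_t src_len, long length_bits)
{
    int n = key_bytes_from_length(length_bits);
    if (n < 0 || (size_t)n > src_len || n > KEY_BUF_BYTES)
        return -1;
    memset(dst, 0, KEY_BUF_BYTES);
    memcpy(dst, src, (size_t)n);
    return n;
}

/* Allocate count * elem_size for int fields read from a file, rejecting
 * negative values and products that would wrap. NULL on rejection. */
void *alloc_array(int count, int elem_size)
{
    if (count <= 0 || elem_size <= 0 || count > INT_MAX / elem_size)
        return NULL;
    return malloc((size_t)count * (size_t)elem_size);
}

int main(void)
{
    unsigned char key[KEY_BUF_BYTES];
    unsigned char src[32] = {0}; /* constructed sample key material */
    printf("128 bits  -> %d\n", load_key(key, src, sizeof src, 128));
    printf("2048 bits -> %d\n", load_key(key, src, sizeof src, 2048));
    printf("wrapping alloc -> %p\n", alloc_array(0x40000000, 8));
    return 0;
}
```
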

Users of xpdf are advised to upgrade to these errata packages, which
contain backported patches correcting these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Wed Jan 19 2005 Rob Myers <rob.myers at gtri.gatech.edu> 1.00-7.4.legacy
- patch for CAN-2005-0064 (FL #2352)
- use better patch for CAN-2004-1125

* Thu Dec 23 2004 Rob Myers <rob.myers at gtri.gatech.edu> 1.00-7.3.legacy
- patch for CAN-2004-1125 (FL #2352)

* Wed Dec 01 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.00-7.2.legacy
- added missing XFree86-devel BuildPrereq

* Thu Oct 28 2004 Rob Myers <rob.myers at gtri.gatech.edu> 1.00-7.1.legacy
- patch for CAN-2004-0888 CAN-2004-0889 (FL #2186)

rh9:
* Wed Jan 19 2005 Rob Myers <rob.myers at gtri.gatech.edu> 2.01-11.3.legacy
- patch for CAN-2005-0064 (FL #2352)
- use better patch for CAN-2004-1125

* Thu Dec 23 2004 Rob Myers <rob.myers at gtri.gatech.edu> 2.01-11.2.legacy
- patch for CAN-2004-1125 (FL #2352)

* Thu Oct 28 2004 Rob Myers <rob.myers at gtri.gatech.edu> 2.01-11.1.legacy
- patch for CAN-2004-0888 CAN-2004-0889 (FL #2186)
- added simple non-security patch for xfont fix

fc1:
* Wed Jan 19 2005 Rob Myers <rob.myers at gtri.gatech.edu> 1:2.03-1.3.legacy
- patch for CAN-2005-0064 (FL #2352)
- use better patch for CAN-2004-1125

* Thu Dec 23 2004 Rob Myers <rob.myers at gtri.gatech.edu> 1:2.03-1.2.legacy
- patch for CAN-2004-1125 (FL #2352)

* Thu Oct 21 2004 Rob Myers <rob.myers at gtri.gatech.edu> 1:2.03-1.1.legacy
- patch for CAN-2004-0888 CAN-2004-0889 (FL #2186)
- include simple non-security xfont patch
- fix files listed twice for /usr/share/xpdf/locales

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.