--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2004-2186 Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2186 2004-12-01 --------------------------------------------------------------------- Name : xpdf Versions : rh7.3: xpdf-1.00-7.2.legacy Versions : rh9: xpdf-2.01-11.1.legacy Versions : fc1: xpdf-2.03-1.1.legacy Summary : A PDF file viewer for the X Window System. Description : Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. --------------------------------------------------------------------- Update Information: Updated xpdf packages that fixes a number of integer overflow security flaws are now available. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0888 to this issue. Users of xpdf are advised to upgrade to these errata packages, which contains a backported patch correcting these issues. --------------------------------------------------------------------- Changelogs rh73: * Wed Dec 01 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.00-7.2.legacy - added missing XFree86-devel BuildPrereq * Thu Oct 28 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 1.00-7.1.legacy - patch for CAN-2004-0888 CAN-2004-0889 (FL #2186) rh9: * Thu Oct 28 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 2.01-11.1.legacy - patch for CAN-2004-0888 CAN-2004-0889 (FL #2186) - added simple non-security patch for xfont fix fc1: * Thu Oct 21 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 1:2.03-1.1.legacy - patch for CAN-2004-0888 CAN-2004-0889 (FL #2186) - include simple non-security xfont patch - fix files listed twice for /usr/share/xpdf/locales --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh7.3: 017fba06b9ba578aad48f07ec3c2e6f0f954d781 redhat/7.3/updates-testing/i386/xpdf-1.00-7.2.legacy.i386.rpm ca69e26855214a8225011abb45d03d6452eccc23 redhat/7.3/updates-testing/i386/xpdf-chinese- simplified-1.00-7.2.legacy.i386.rpm aeea1b0952067c77867f2f92bec12af9bd725bc8 redhat/7.3/updates-testing/i386/xpdf-chinese- traditional-1.00-7.2.legacy.i386.rpm 925f505d03d6a1ddced3f8f6579cc6e449f74465 redhat/7.3/updates-testing/i386/xpdf-japanese-1.00-7.2.legacy.i386.rpm 2ab1b844fee2c44f3c4df97661cc301a637b4999 redhat/7.3/updates-testing/i386/xpdf-korean-1.00-7.2.legacy.i386.rpm 3d2cf5b7973d8e56ecf1d98322e8918a1de463b9 redhat/7.3/updates-testing/SRPMS/xpdf-1.00-7.2.legacy.src.rpm rh9: cb457f94ba08d7c8a8750b41596959a6e8e4df01 redhat/9/updates-testing/i386/xpdf-2.01-11.1.legacy.i386.rpm 961cb6ce2a6a9c6eee52eb5cd563e4c13df07c4e redhat/9/updates-testing/i386/xpdf-chinese- simplified-2.01-11.1.legacy.i386.rpm 4f00f288a9ba3c46f7eacbdf026164851b19f5fe redhat/9/updates-testing/i386/xpdf-chinese- traditional-2.01-11.1.legacy.i386.rpm f5629299b07143ef56a9a5d9d03d7909e2bdf226 redhat/9/updates-testing/i386/xpdf-japanese-2.01-11.1.legacy.i386.rpm 229668282ccb0173f8e53cee27a4125d9e69ff8a redhat/9/updates-testing/i386/xpdf-korean-2.01-11.1.legacy.i386.rpm bbec9b7dd219aaddd505b1807f22728211f2786a redhat/9/updates-testing/SRPMS/xpdf-2.01-11.1.legacy.src.rpm fc1: 119e2f11d6037391a9f687c35795afbb563f7b68 fedora/1/updates-testing/i386/xpdf-2.03-1.1.legacy.i386.rpm 4dee0440c3e091eb75777ef3744e3e9158277b3a fedora/1/updates-testing/SRPMS/xpdf-2.03-1.1.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
