--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2006-176751 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176751 2006-02-20 --------------------------------------------------------------------- Name : gpdf Versions : fc1: gpdf-0.110-1.5.legacy Versions : fc2: gpdf-2.8.2-4.1.1.legacy Versions : fc3: gpdf-2.8.2-7.2.1.legacy Summary : viewer for Portable Document Format (PDF) files for GNOME Description : This is GPdf, a viewer for Portable Document Format (PDF) files for GNOME. GPdf is based on the Xpdf program and uses additional GNOME libraries for better desktop integration. --------------------------------------------------------------------- Update Information: An updated gpdf package that fixes several security issues is now available. The gpdf package is a GNOME based viewer for Portable Document Format (PDF) files. A flaw was discovered in gpdf. An attacker could construct a carefully crafted PDF file that would cause gpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Several flaws were discovered in gpdf. An attacker could construct a carefully crafted PDF file that could cause gpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627 and CVE-2005-3628 to these issues. Users of gpdf should upgrade to this updated package, which contains backported patches to resolve these issues. --------------------------------------------------------------------- Changelogs fc1: * Sat Feb 18 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 0.110-1.5.legacy - Use better patch for CVE-2004-0888 (from RHEL3 xpdf) - Add patch for CVE-2005-3193 fc2: * Sat Feb 18 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.8.2-4.1.1.legacy - Rebuilt as Fedora Legacy security update for Fedora Core 2 - Removed the desktop-file-utils dependencies * Fri Jan 06 2006 Ray Strode <rstrode@xxxxxxxxxx> 2.8.2-7.4 - Apply fix for CVE-2005-3624 (also covers CVE-2005-3193) (bug 176865) * Wed Dec 14 2005 Ray Strode <rstrode@xxxxxxxxxx> 2.8.2-7.3 - apply updated patch for CVE-2005-3193 (bug 175102) fc3: * Sat Feb 18 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.8.2-7.2.1.legacy - Rebuilt as Fedora Legacy security update for Fedora Core 3 * Fri Jan 06 2006 Ray Strode <rstrode@xxxxxxxxxx> 2.8.2-7.4 - Apply fix for CVE-2005-3624 (also covers CVE-2005-3193) (bug 176865) * Wed Dec 14 2005 Ray Strode <rstrode@xxxxxxxxxx> 2.8.2-7.3 - apply updated patch for CVE-2005-3193 (bug 175102) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) fc1: 646edd9bdaf07a2f74d0b9874a666f94dc4f7982 fedora/1/updates-testing/i386/gpdf-0.110-1.5.legacy.i386.rpm 23f1172453f4e6572bd5a5bebcf093fda9c9ef62 fedora/1/updates-testing/SRPMS/gpdf-0.110-1.5.legacy.src.rpm fc2: 2798a8e5ba37214b4ad3d537aa38b65c62c9e7c7 fedora/2/updates-testing/i386/gpdf-2.8.2-4.1.1.legacy.i386.rpm e6d36329145bd25d5646da0064124f4b3a3faf99 fedora/2/updates-testing/SRPMS/gpdf-2.8.2-4.1.1.legacy.src.rpm fc3: b732b32164a34ddca2471548cffdb4fa654a61cd fedora/3/updates-testing/i386/gpdf-2.8.2-7.2.1.legacy.i386.rpm 3ec3762affc6295144245af9e804692e293614be fedora/3/updates-testing/SRPMS/gpdf-2.8.2-7.2.1.legacy.src.rpm e6c957006f2bc7c17c5754df527cd8eec86d0c9a fedora/3/updates-testing/x86_64/gpdf-2.8.2-7.2.1.legacy.x86_64.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list