Fedora Legacy Test Update Notification: xpdf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-175404
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175404
2006-02-26
---------------------------------------------------------------------

Name        : xpdf
Versions    : rh73: xpdf-1.00-7.6.legacy
Versions    : rh9: xpdf-2.01-11.4.legacy
Versions    : fc1: xpdf-2.03-1.4.legacy
Versions    : fc2: xpdf-3.00-3.8.1.legacy
Versions    : fc3: xpdf-3.01-0.FC3.5.legacy
Summary     : A PDF file viewer for the X Window System.
Description :
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.

---------------------------------------------------------------------
Update Information:

An updated xpdf package that fixes several security issues is now
available.

The xpdf package is an X Window System-based viewer for Portable
Document Format (PDF) files.

A flaw was discovered in Xpdf in that an attacker could construct a
carefully crafted PDF file that would cause Xpdf to consume all
available disk space in /tmp when opened. The Common Vulnerabilities
and Exposures project assigned the name CVE-2005-2097 to this issue.

Several flaws were discovered in Xpdf. An attacker could construct a
carefully crafted PDF file that could cause Xpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the names CVE-2005-3191, CVE-2005-3192,
CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,
CVE-2005-3627 and CVE-2005-3628 to these issues.

A heap based buffer overflow bug was discovered in Xpdf. An attacker
could construct a carefully crafted PDF file that could cause Xpdf to
crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the name CVE-2006-0301
to this issue.

Users of Xpdf should upgrade to this updated package, which contains
backported patches to resolve these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Mon Feb 20 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.00-7.6.legacy
- Added better patch for CVE-2004-0888

* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.00-7.5.legacy
- Added patch for CVE-2005-3193

rh9:
* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
2.01-11.4.legacy
- Added better patch for CVE-2004-0888
- Added patch for CVE-2005-3193

fc1:
* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1:2.03-1.4.legacy
- Added better patch for CVE-2004-0888
- Added patch for CVE-2005-3193

fc2:
* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1:3.00-3.8.1.legacy
- Apply patches for CVE-2005-2097, CVE-2005-3193, CVE-2006-0301

fc3:
* Sat Feb 18 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1:3.01-0.FC3.5.legacy
- Added patch for CVE-2006-0301

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
6096aa2b487e635ae3003cf246ec66d53dc81d41
redhat/7.3/updates-testing/i386/xpdf-1.00-7.6.legacy.i386.rpm
e670899dd04a31d466d0ba2cc213763157a3b101
redhat/7.3/updates-testing/i386/xpdf-chinese-simplified-1.00-7.6.legacy.i386.rpm
c636a2b79eb22afe35993466675e9fdd086a84f2
redhat/7.3/updates-testing/i386/xpdf-chinese-traditional-1.00-7.6.legacy.i386.rpm
9a2bfe9e373cd20422a862f48d3d6ad787b7f0f1
redhat/7.3/updates-testing/i386/xpdf-japanese-1.00-7.6.legacy.i386.rpm
bc47f11dea342606e74aff1a55cf74bd52783b60
redhat/7.3/updates-testing/i386/xpdf-korean-1.00-7.6.legacy.i386.rpm
ace7a51b625269d9f5bd3355b07a842f0e1426f4
redhat/7.3/updates-testing/SRPMS/xpdf-1.00-7.6.legacy.src.rpm

rh9:
4fe0714cdf2194cf0426e15210cbe509d77b2788
redhat/9/updates-testing/i386/xpdf-2.01-11.4.legacy.i386.rpm
c54fad904f475d693c781632dbadfae9434e4c87
redhat/9/updates-testing/i386/xpdf-chinese-simplified-2.01-11.4.legacy.i386.rpm
1b6f0cf3f309515fd60b88576a1168f9d9bc7fe0
redhat/9/updates-testing/i386/xpdf-chinese-traditional-2.01-11.4.legacy.i386.rpm
accef6df9ed9b1cee0e05fffa7e7dde085ae3f35
redhat/9/updates-testing/i386/xpdf-japanese-2.01-11.4.legacy.i386.rpm
69a7ae59cb1ddb5b422eccdec53711f459939c3f
redhat/9/updates-testing/i386/xpdf-korean-2.01-11.4.legacy.i386.rpm
090ddacf36dc0180c16cef8526aedc9bb9c5225c
redhat/9/updates-testing/SRPMS/xpdf-2.01-11.4.legacy.src.rpm

fc1:
0349626a79f659adc0590938b99a6097f6898f10
fedora/1/updates-testing/i386/xpdf-2.03-1.4.legacy.i386.rpm
8612ba60a89cfb0ef195450d1c927487b868deec
fedora/1/updates-testing/SRPMS/xpdf-2.03-1.4.legacy.src.rpm

fc2:
f60fc20854386ef91f6769aabd29f3a77e29084d
fedora/2/updates-testing/i386/xpdf-3.00-3.8.1.legacy.i386.rpm
64139c039afc0af67eadcc8c87e03aed6c6254d0
fedora/2/updates-testing/SRPMS/xpdf-3.00-3.8.1.legacy.src.rpm

fc3:
268cba4fb5fd62699595cdeed78375f324c874f6
fedora/3/updates-testing/i386/xpdf-3.01-0.FC3.5.legacy.i386.rpm
021ec4bb4d86192a519261b3073a3d348e4fa14a
fedora/3/updates-testing/x86_64/xpdf-3.01-0.FC3.5.legacy.x86_64.rpm
3e139055107af9057062154add60191331765e43
fedora/3/updates-testing/SRPMS/xpdf-3.01-0.FC3.5.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

Attachment: signature.asc
Description: OpenPGP digital signature

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux