Opened 16 years ago
Closed 16 years ago
#2497 closed task (fixed)
Stream.cxx vulnerabilities (cups, poppler, xpdf)
Reported by: | | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | 6.3 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: | | | |
Description (last modified by )
CVE-2008-0047 (heap overflow, cups versions up to 1.3.5).
I've been using 1.2.12 for a long while, and just started using 1.3.6 on newer systems. I've got the patches OpenSuse use on 1.2.12 (also CVE-2007-4352 and CVE-2007-5392); I can take a look at putting those in for 6.3.
Investigation also showed a Suse patch for CVE-2007-3387 - all of these are in Stream.cxx, from xpdf, so I've renamed the ticket.
They variously affect xpdf-3.02 < pl2 (no comments on foolabs about what pl2 fixes, but some of these are against pl1), poppler < 0.5.91, also old gpdf which is not in the book, and kpdf, kgraphics - kde should be fixed by 3.5.9 or earlier, but I can see kdegraphics appeared to use poppler on one of my systems.
Change History (5)
comment:1 by , 16 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 16 years ago
Description: | modified (diff) |
---|---|
Summary: | cups latest vulnerability → Stream.cxx vulnerabilities (cups, poppler, xpdf) |
First part (cups) updated in r7327. The headers seem stable within CUPS_VERSION_MINOR and in any case Stream.h is not installed.