Changes between Initial Version and Version 2 of Ticket #2497
- Timestamp:
- 03/27/2008 02:59:53 PM (16 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #2497
- Property Owner changed from to
- Property Status new → assigned
- Property Summary cups latest vulnerability → Stream.cxx vulnerabilities (cups, poppler, xpdf)
-
Ticket #2497 – Description
initial v2 1 CVE-2008-0047 (heap overflow, versions up to 1.3.5).1 CVE-2008-0047 (heap overflow, cups versions up to 1.3.5). 2 2 3 3 I've been using 1.2.12 for a long while, and just started using 1.3.6 on newer systems. I've got the patches OpenSuse use on 1.2.12 (also CVE-2007-4352 and CVE-2007-5392), I can take a look at putting those in for 6.3. 4 5 Investigation also showed Suse patch for CVE-2007-3387 - all of these are in Stream.cxx, from xpdf, so I've renamed the ticket. 6 7 They variously affect xpdf-3.02 < pl2 (no comments on foolabs about what pl2 fixes, but some of these are against pl1), poppler < 0.5.91, also old gpdf which is not in the book, and kpdf, kgraphics - kde should be fixed by 3.5.9 or earlier, but I can see kdegraphics appeared to use poppler on one of my systems.