Bug#278173: marked as done (kpdf: CAN-2004-0888: arbitrary code execution)

To: Christopher L Cheney <ccheney@debian.org>
Cc: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Subject: Bug#278173: marked as done (kpdf: CAN-2004-0888: arbitrary code execution)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Fri, 05 Nov 2004 01:33:14 -0800
Message-id: <[🔎] handler.278173.D278173.109964660430188.ackdone@bugs.debian.org>
In-reply-to: <E1CQ0DZ-0002IV-00@newraff.debian.org>
References: <E1CQ0DZ-0002IV-00@newraff.debian.org> <20041025091128.GG7329@finlandia.infodrom.north.de>
Your message dated Fri, 05 Nov 2004 04:17:13 -0500
with message-id <E1CQ0DZ-0002IV-00@newraff.debian.org>
and subject line Bug#278173: fixed in kdegraphics 4:3.3.1-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 25 Oct 2004 09:18:21 +0000
>From joey@infodrom.org Mon Oct 25 02:18:13 2004
Return-path: <joey@infodrom.org>
Received: from luonnotar.infodrom.org [195.124.48.78] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CM0zV-0004EP-00; Mon, 25 Oct 2004 02:18:13 -0700
Received: by luonnotar.infodrom.org (Postfix, from userid 10)
	id 09F7A366B94; Mon, 25 Oct 2004 11:18:07 +0200 (CEST)
Received: at Infodrom Oldenburg (/\##/\ Smail-3.2.0.102 1998-Aug-2 #2)
	from infodrom.org by finlandia.Infodrom.North.DE
	via smail from stdin
	id <m1CM0sy-000oejC@finlandia.Infodrom.North.DE>
	for submit@bugs.debian.org; Mon, 25 Oct 2004 11:11:28 +0200 (CEST) 
Date: Mon, 25 Oct 2004 11:11:28 +0200
From: Martin Schulze <joey@infodrom.org>
To: submit@bugs.debian.org
Subject: kpdf: CAN-2004-0888: arbitrary code execution
Message-ID: <20041025091128.GG7329@finlandia.infodrom.north.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: kpdf
Version: 3.3.0-2
Severity: critical
Tags: security, sid, sarge

Please see DSA 573
http://www.kde.org/info/security/advisory-20041021-1.txt

I can provide a patch for xpdf if that's required, contact me privately.

Regards,

	Joey

-- 
There are lies, statistics and benchmarks.

Please always Cc to me when replying to me on the lists.

---------------------------------------
Received: (at 278173-close) by bugs.debian.org; 5 Nov 2004 09:23:24 +0000
>From katie@ftp-master.debian.org Fri Nov 05 01:23:24 2004
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CQ0JY-0007q0-00; Fri, 05 Nov 2004 01:23:24 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1CQ0DZ-0002IV-00; Fri, 05 Nov 2004 04:17:13 -0500
From: Christopher L Cheney <ccheney@debian.org>
To: 278173-close@bugs.debian.org
X-Katie: $Revision: 1.51 $
Subject: Bug#278173: fixed in kdegraphics 4:3.3.1-1
Message-Id: <E1CQ0DZ-0002IV-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Fri, 05 Nov 2004 04:17:13 -0500
Delivered-To: 278173-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Source: kdegraphics
Source-Version: 4:3.3.1-1

We believe that the bug you reported is fixed in the latest version of
kdegraphics, which is due to be installed in the Debian FTP archive:

kamera_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kamera_3.3.1-1_i386.deb
kcoloredit_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kcoloredit_3.3.1-1_i386.deb
kdegraphics-dev_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kdegraphics-dev_3.3.1-1_i386.deb
kdegraphics-kfile-plugins_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.1-1_i386.deb
kdegraphics_3.3.1-1.diff.gz
  to pool/main/k/kdegraphics/kdegraphics_3.3.1-1.diff.gz
kdegraphics_3.3.1-1.dsc
  to pool/main/k/kdegraphics/kdegraphics_3.3.1-1.dsc
kdegraphics_3.3.1-1_all.deb
  to pool/main/k/kdegraphics/kdegraphics_3.3.1-1_all.deb
kdegraphics_3.3.1.orig.tar.gz
  to pool/main/k/kdegraphics/kdegraphics_3.3.1.orig.tar.gz
kdvi_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kdvi_3.3.1-1_i386.deb
kfax_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kfax_3.3.1-1_i386.deb
kgamma_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kgamma_3.3.1-1_i386.deb
kghostview_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kghostview_3.3.1-1_i386.deb
kiconedit_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kiconedit_3.3.1-1_i386.deb
kmrml_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kmrml_3.3.1-1_i386.deb
kolourpaint_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kolourpaint_3.3.1-1_i386.deb
kooka_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kooka_3.3.1-1_i386.deb
kpdf_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kpdf_3.3.1-1_i386.deb
kpovmodeler_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kpovmodeler_3.3.1-1_i386.deb
kruler_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kruler_3.3.1-1_i386.deb
ksnapshot_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/ksnapshot_3.3.1-1_i386.deb
ksvg_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/ksvg_3.3.1-1_i386.deb
kuickshow_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kuickshow_3.3.1-1_i386.deb
kview_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kview_3.3.1-1_i386.deb
kviewshell_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/kviewshell_3.3.1-1_i386.deb
libkscan-dev_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/libkscan-dev_3.3.1-1_i386.deb
libkscan1_3.3.1-1_i386.deb
  to pool/main/k/kdegraphics/libkscan1_3.3.1-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 278173@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christopher L Cheney <ccheney@debian.org> (supplier of updated kdegraphics package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri,  5 Nov 2004 01:00:00 -0600
Source: kdegraphics
Binary: kdegraphics-kfile-plugins ksnapshot kviewshell kghostview libkscan-dev kruler kcoloredit kamera kdegraphics-dev libkscan1 kview kpdf ksvg kdvi kiconedit kfax kuickshow kooka kdegraphics kolourpaint kmrml kgamma kpovmodeler
Architecture: source i386 all
Version: 4:3.3.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Christopher L Cheney <ccheney@debian.org>
Description: 
 kamera     - digital camera io_slave for Konquerer
 kcoloredit - An editor for palette files
 kdegraphics - KDE Graphics metapackage
 kdegraphics-dev - KDE graphics (development files)
 kdegraphics-kfile-plugins - provide meta information for graphic files
 kdvi       - KDE dvi viewer
 kfax       - KDE G3/G4 Fax Viewer
 kgamma     - Gamma correction KControl module
 kghostview - PostScript viewer for KDE
 kiconedit  - An icon editor for creating KDE icons
 kmrml      - A Konqueror plugin for searching pictures
 kolourpaint - A Simple Paint Program for KDE
 kooka      - Scanner program for KDE
 kpdf       - PDF viewer for KDE
 kpovmodeler - A graphical editor for povray scenes
 kruler     - a screen ruler and color measurement tool for KDE
 ksnapshot  - Screenshot application for KDE
 ksvg       - SVG viewer for KDE
 kuickshow  - KDE image/slideshow viewer
 kview      - KDE simple image viewer/converter
 kviewshell - KDE generic framework for viewer applications
 libkscan-dev - Scanner library for KDE (development files)
 libkscan1  - Scanner library for KDE
Closes: 278173
Changes: 
 kdegraphics (4:3.3.1-1) unstable; urgency=low
 .
   * New upstream release.
   * KDE_3_3_BRANCH update.
     - CAN-2004-0888: arbitrary code execution (Closes: #278173)
Files: 
 fed1fc307eecae72e2d3a866fdb6f1a9 1195 kde optional kdegraphics_3.3.1-1.dsc
 ec785c75cba98b57049b53774aa13cd8 7524293 kde optional kdegraphics_3.3.1.orig.tar.gz
 45def856ead170c6a6fb2d92770d4d07 442563 kde optional kdegraphics_3.3.1-1.diff.gz
 664c4a12baad2a7fc7677ad078b1a9c4 77048 graphics optional kamera_3.3.1-1_i386.deb
 4fe75f0136ebef082e8dec05edef5960 85714 graphics optional kcoloredit_3.3.1-1_i386.deb
 0cf9179de4496419414c4c811bed815d 56310 devel optional kdegraphics-dev_3.3.1-1_i386.deb
 1bd68354e77ab4f18e8c72ad92677bbf 212486 kde optional kdegraphics-kfile-plugins_3.3.1-1_i386.deb
 cea8559c426bf16fa83d0a28452f8048 473970 graphics optional kdvi_3.3.1-1_i386.deb
 23c9840286483db2aaa4d433c3bfdbed 137234 graphics optional kfax_3.3.1-1_i386.deb
 36e7852e1dc2559eb808b8a237dbf168 76408 graphics optional kgamma_3.3.1-1_i386.deb
 9fa1743004c6f5dfd0a2595477f2b9b3 218328 graphics optional kghostview_3.3.1-1_i386.deb
 8a632f35e654b7072b4d4588cb552874 126344 graphics optional kiconedit_3.3.1-1_i386.deb
 13d119700bec840b068d4d6df605e8a6 211818 kde optional kmrml_3.3.1-1_i386.deb
 41f745c371ae5e96abda309e11ba1e8c 737272 graphics optional kolourpaint_3.3.1-1_i386.deb
 17dc6091199c35aa8ae4a1a25f4a9940 740710 graphics optional kooka_3.3.1-1_i386.deb
 bd5f3023976f3e470f74bf997d3dd443 441630 graphics optional kpdf_3.3.1-1_i386.deb
 ef09e572e78f266544d8aea6afd1e7ca 2195694 graphics optional kpovmodeler_3.3.1-1_i386.deb
 3fd1cf7a4256ebb1d6846a91680b0e2e 52884 graphics optional kruler_3.3.1-1_i386.deb
 3e1f522a73dcf11d6cae0a1a6b771270 87404 graphics optional ksnapshot_3.3.1-1_i386.deb
 f8a5ef516579b59e938750321f7d848a 1210292 graphics optional ksvg_3.3.1-1_i386.deb
 a3758422bf5d8e0cc083b3f8f0cdc41e 462100 graphics optional kuickshow_3.3.1-1_i386.deb
 274f1dc5cd3c022b93fb7765e9aa7987 632362 graphics optional kview_3.3.1-1_i386.deb
 1c2046f2c0ace03612b69340162f3a2c 157046 graphics optional kviewshell_3.3.1-1_i386.deb
 ea43ef91b601c207cebde926eb65a462 24964 libdevel optional libkscan-dev_3.3.1-1_i386.deb
 caab7de202ba660508e3a60480fcc80d 125166 libs optional libkscan1_3.3.1-1_i386.deb
 05aad434f3894e82e6627c0ea5d10324 8042 kde optional kdegraphics_3.3.1-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBizPU0QZas444SvIRAlhfAJ9DMgE0eawAmhuDlDV8JdfqTYyaWgCghnY9
uag5REFcdjtBS2qtePXwsKk=
=WCXQ
-----END PGP SIGNATURE-----
Reply to:
Prev by Date: kdegraphics_3.3.1-1_i386.changes ACCEPTED
Next by Date: Bug#279851: move kdewidgets.so to kdelibs4-dev
Previous by thread: kdegraphics_3.3.1-1_i386.changes ACCEPTED
Next by thread: Bug#279851: move kdewidgets.so to kdelibs4-dev
Index(es):
- Date
- Thread