Accepted xpdf 3.00-10 (i386 source all)
-----BEGIN PGP SIGNED MESSAGE-----
Format: 1.7
Date: Mon, 8 Nov 2004 00:23:22 +1100
Source: xpdf
Binary: xpdf-utils xpdf xpdf-reader xpdf-common
Architecture: source i386 all
Version: 3.00-10
Distribution: unstable
Urgency: high
Maintainer: Hamish Moffatt <hamish@debian.org>
Changed-By: Hamish Moffatt <hamish@debian.org>
Description:
xpdf - Portable Document Format (PDF) suite
xpdf-common - Portable Document Format (PDF) suite -- common files
xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 278693 279292
Changes:
xpdf (3.00-10) unstable; urgency=high
.
* SECURITY UPDATE: fix potential buffer overflow
* goo/gmem.[ch]: change declarations of gmalloc and grealloc to use size_t
instead of int; int truncated sizes to 32 bits, which made xpdf still
vulnerable to integer (and eventually buffer) overflow attacks on 64 bit
platforms like amd64.
* Thanks to Marcus Meissner <meissner@suse.de> for providing the patch
and Martin Pitt <mpitt@debian.org> for providing the changes for
Debian in the form of 3.00-9ubuntu2
* References:
CAN-2004-0889 (incomplete fix in version 3.00-9)
.
* Incorporated patch from Arnaud Giersch to fix crashes with
certain PDFs (closes: #278693, #279292)
Files:
b0a88d088a23bd52f0d182d481987582 879 text optional xpdf_3.00-10.dsc
a74ead163052cdeb1cada5918b201050 46755 text optional xpdf_3.00-10.diff.gz
f1b2c7a1c14819e147be33f84f6bbfdf 1274 text optional xpdf_3.00-10_all.deb
6fb0d7d8a4c99e53fda6401b51a1bce0 55914 text optional xpdf-common_3.00-10_all.deb
ad810a764584eb506e8ad06cb1b0f70f 654980 text optional xpdf-reader_3.00-10_i386.deb
e3fb456f88b630a08eac2c605530ccbc 1238114 text optional xpdf-utils_3.00-10_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iQCVAwUBQY4kD9iYIdPvprnVAQG43QP+OmSwh8+RixrW+NIQ5O+BT9Gt0LdNXtLJ
4lKZNLyPHysr5Cc6R3XHPIkISuwrP1I/OXV6W4BHE9yDaCq66V/sQ2ywaGwkqsMZ
S6yA25NYfxIC+C+eVq/ByL/02YjA5riWKx3kTkuugdVltFnqEqxMAZBLxLgexRUW
Kww21x8iivg=
=cQHZ
-----END PGP SIGNATURE-----
Accepted:
xpdf-common_3.00-10_all.deb
to pool/main/x/xpdf/xpdf-common_3.00-10_all.deb
xpdf-reader_3.00-10_i386.deb
to pool/main/x/xpdf/xpdf-reader_3.00-10_i386.deb
xpdf-utils_3.00-10_i386.deb
to pool/main/x/xpdf/xpdf-utils_3.00-10_i386.deb
xpdf_3.00-10.diff.gz
to pool/main/x/xpdf/xpdf_3.00-10.diff.gz
xpdf_3.00-10.dsc
to pool/main/x/xpdf/xpdf_3.00-10.dsc
xpdf_3.00-10_all.deb
to pool/main/x/xpdf/xpdf_3.00-10_all.deb
Reply to: