Re: gpdf: remove? security hole open for this long?

* Junichi Uekawa <email@example.com> [2006-07-21 23:49]:
> I think having a security hole for more than a year is a reason to remove
> evince seems to be a replacement, gpdf is deprecated.

It should imho get orphaned first. BCCing the MIA people - what's up
there anyway? Hasn't mechanix been inactive for ages?

Oh, gpdf was uploaded in March. And it mentions some security fixes.
Can someone check if those address #334454?

gpdf (2.10.0-3) unstable; urgency=high

  * More security team provided patches:
    - patch to fix buffer overflow [splash/Splash.cc,
    - upstream patch by Derek Noonburg to fix several
      vulnerabilities [goo/gmem.c, splash/SplashXPathScanner.cc,
      xpdf/JBIG2Stream.cc, xpdf/Stream.h, 008_security_upstream.patch]

 -- Filip Van Raemdonck <firstname.lastname@example.org> Sat, 18 Mar 2006 10:59:54 +0200

gpdf (2.10.0-2) unstable; urgency=high

  * Patch provided by Security Team:
    Added more precautionary checks by Dirk Müller
    Fixes CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625
    CVE-2005-3626 CVE-2005-3627 CVE-2005-3628

 -- Filip Van Raemdonck <email@example.com> Sun, 15 Jan 2006 11:18:36 +0100

gpdf (2.10.0-1) unstable; urgency=high

  * Security related upload for CAN-2005-3191 CAN-2005-3192.
    [xpdf/JPXStream.cc, xpdf/Stream.cc, xpdf/Stream.h, xpdf/JBIG2Stream.cc]
  * Acknowledge NMUs. (Closes: #291244, #321521)
  * New upstream version. (Closes: #323281)

 -- Filip Van Raemdonck <firstname.lastname@example.org> Mon, 12 Dec 2005 21:47:51 +0100