Bug#287080: kdegraphics: CAN-2004-1125: kpdf buffer overflow vulnerability

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#287080: kdegraphics: CAN-2004-1125: kpdf buffer overflow vulnerability
From: Adeodato Simó <asp16@alu.ua.es>
Date: Fri, 24 Dec 2004 06:28:13 +0100
Message-id: <[🔎] 20041224052813.GA11707@chistera.yi.org>
Reply-to: Adeodato Simó <asp16@alu.ua.es>, 287080@bugs.debian.org

Package: kpdf
Severity: grave
Tags: sarge, security

  CAN-2004-1125 is about a buffer overflow vulnerability in xpdf. As
  kpdf contains a copy, it is also affected (see the KDE Security
  Advisory [1]).

    [1] http://www.kde.org/info/security/advisory-20041223-1.txt
  
  This issue has been fixed in sid with the upload of kdegraphics
  4:3.3.1-2. An upload of kdelibs 4:3.3.2-0pre2 to experimental is
  planned, and I'm creating this bug report so that the vulnerability in
  sarge becomes documented.
  
  kdegraphics >= 4:3.3.1-2 is scheduled to be included in sarge "soon".

-- 
Adeodato Simó
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
    Listening to: Oasis - Champagne Supernova
 
Old men are fond of giving good advice to console themselves for their
inability to set a bad example.
                -- La Rochefoucauld, "Maxims"

Reply to:

Prev by Date: Bug#287070: /etc/init.d/kdm restart does stop but not start
Next by Date: Bug#287095: kdemultimedia: FTBFS (amd64/gcc-4.0): cast from 'void*' to 'int' loses precision
Previous by thread: Bug#287070: /etc/init.d/kdm restart does stop but not start
Next by thread: Bug#287095: kdemultimedia: FTBFS (amd64/gcc-4.0): cast from 'void*' to 'int' loses precision
Index(es):
- Date
- Thread