
Bug#291994: marked as done ("Decrypt::makeFileKey2()" Buffer Overflow)



Your message dated Mon, 24 Jan 2005 15:20:39 +0100
with message-id <20050124142039.GA30282@chistera.yi.org>
and subject line Bug#291994: "Decrypt::makeFileKey2()" Buffer Overflow
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Subject: "Decrypt::makeFileKey2()" Buffer Overflow
From: Luciano Bello <lbello@arcert.gov.ar>
To: submit@bugs.debian.org
Content-Type: text/plain
Date: Mon, 24 Jan 2005 10:46:01 -0300
Message-Id: <1106574362.1389.41.camel@clementina.arcert.gov.ar>

Package: kpdf
Version: 3.x
Severity: grave
Tags: security sarge sid patch

The version in woody is not affected by this problem.

TITLE:
KDE kpdf "Decrypt::makeFileKey2()" Buffer Overflow

SECUNIA ADVISORY ID:
SA13916

VERIFY ADVISORY:
http://secunia.com/advisories/13916/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
KDE 3.x
http://secunia.com/product/219/

DESCRIPTION:
The vendor has acknowledged a vulnerability in kpdf, which can be
exploited by malicious people to compromise a user's system.

For more information:
SA13903

SOLUTION:
Apply patches.

KDE 3.2.3:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdegraphics-3.diff

KDE 3.3.2:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.2-kdegraphics-3.diff

ORIGINAL ADVISORY:
http://www.kde.org/info/security/advisory-20050119-1.txt

OTHER REFERENCES:
SA13903:
http://secunia.com/advisories/13903/



---------------------------------------
Date: Mon, 24 Jan 2005 15:20:39 +0100
From: Adeodato Simó <asp16@alu.ua.es>
To: Luciano Bello <lbello@arcert.gov.ar>, 291994-done@bugs.debian.org
Subject: Re: Bug#291994: "Decrypt::makeFileKey2()" Buffer Overflow
Message-ID: <20050124142039.GA30282@chistera.yi.org>
Reply-To: 291994@bugs.debian.org,
	Adeodato Simó <asp16@alu.ua.es>
References: <1106574362.1389.41.camel@clementina.arcert.gov.ar>

* Luciano Bello [Mon, 24 Jan 2005 10:46:01 -0300]:
> Package: kpdf
> Version: 3.x
> Severity: grave
> Tags: security sarge sid patch

> The version in woody is not affected by this problem.

  The version in sid isn't either, see #291251. Will enter sarge 'soon'.

-- 
Adeodato Simó
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
Don't be irreplaceable, if you can't be replaced, you can't be promoted.


