Bug#303238: marked as done (kpdf fix for CAN-2005-0064 (bug 291251) was incomplete)
Your message dated Thu, 14 Apr 2005 19:02:26 -0400
with message-id <E1DMDLu-0004MD-00@newraff.debian.org>
and subject line Bug#303238: fixed in kdegraphics 4:3.3.2-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Apr 2005 15:02:44 +0000
>From jmm@inutil.org Tue Apr 05 08:02:44 2005
Return-path: <jmm@inutil.org>
Received: from inutil.org (vserver151.vserver151.serverflex.de) [193.22.164.111]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DIpZj-0001vA-00; Tue, 05 Apr 2005 08:02:43 -0700
Received: from wlan-client-005.informatik.uni-bremen.de ([134.102.116.6] helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1DIpZh-0007S4-6x
for submit@bugs.debian.org; Tue, 05 Apr 2005 17:02:41 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.50)
id 1DIpZf-00048q-GD; Tue, 05 Apr 2005 17:02:39 +0200
Content-Type: multipart/mixed; boundary="===============1445931984=="
MIME-Version: 1.0
From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kpdf fix for CAN-2005-0064 (bug 291251) was incomplete
X-Mailer: reportbug 3.9
Date: Tue, 05 Apr 2005 17:02:39 +0200
Message-Id: <E1DIpZf-00048q-GD@localhost.localdomain>
X-SA-Exim-Connect-IP: 134.102.116.6
X-SA-Exim-Mail-From: jmm@inutil.org
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
This is a multi-part MIME message sent by reportbug.
--===============1445931984==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Package: kpdf
Version: 4:3.3.2-1
Severity: grave
Tags: security patch
Justification: user security hole
Dear KDE maintainers,
the security fix for CAN-2005-0064 was derived from xpdf 3.00-12, which
in fact turned out to be incomplete wrt to a missing range check in XRef.cc.
Attached you can find a patch that adds the missing range verification, as
it has been done for xpdf 3.00-13.
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
--===============1445931984==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="kpdf-CAN-2005-0064-missing-check.diff"
diff -Naur kdegraphics-3.3.2.orig/kpdf/xpdf/XRef.cc kdegraphics-3.3.2/kpdf/xpdf/XRef.cc
--- kdegraphics-3.3.2.orig/kpdf/xpdf/XRef.cc 2004-11-28 14:30:57.000000000 +0100
+++ kdegraphics-3.3.2/kpdf/xpdf/XRef.cc 2005-04-05 16:05:04.000000000 +0200
@@ -820,6 +820,9 @@
} else {
keyLength = 5;
}
+ if (keyLength > 16) {
+ keyLength = 16;
+ }
permFlags = permissions.getInt();
if (encVersion >= 1 && encVersion <= 2 &&
encRevision >= 2 && encRevision <= 3) {
--===============1445931984==--
---------------------------------------
Received: (at 303238-close) by bugs.debian.org; 14 Apr 2005 23:10:13 +0000
>From katie@ftp-master.debian.org Thu Apr 14 16:10:13 2005
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DMDTR-0000WB-00; Thu, 14 Apr 2005 16:10:13 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DMDLu-0004MD-00; Thu, 14 Apr 2005 19:02:26 -0400
From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
To: 303238-close@bugs.debian.org
X-Katie: $Revision: 1.55 $
Subject: Bug#303238: fixed in kdegraphics 4:3.3.2-2
Message-Id: <E1DMDLu-0004MD-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Thu, 14 Apr 2005 19:02:26 -0400
Delivered-To: 303238-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: kdegraphics
Source-Version: 4:3.3.2-2
We believe that the bug you reported is fixed in the latest version of
kdegraphics, which is due to be installed in the Debian FTP archive:
kamera_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kamera_3.3.2-2_i386.deb
kcoloredit_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kcoloredit_3.3.2-2_i386.deb
kdegraphics-dev_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kdegraphics-dev_3.3.2-2_i386.deb
kdegraphics-kfile-plugins_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2_i386.deb
kdegraphics_3.3.2-2.diff.gz
to pool/main/k/kdegraphics/kdegraphics_3.3.2-2.diff.gz
kdegraphics_3.3.2-2.dsc
to pool/main/k/kdegraphics/kdegraphics_3.3.2-2.dsc
kdegraphics_3.3.2-2_all.deb
to pool/main/k/kdegraphics/kdegraphics_3.3.2-2_all.deb
kdvi_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kdvi_3.3.2-2_i386.deb
kfax_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kfax_3.3.2-2_i386.deb
kgamma_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kgamma_3.3.2-2_i386.deb
kghostview_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kghostview_3.3.2-2_i386.deb
kiconedit_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kiconedit_3.3.2-2_i386.deb
kmrml_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kmrml_3.3.2-2_i386.deb
kolourpaint_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kolourpaint_3.3.2-2_i386.deb
kooka_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kooka_3.3.2-2_i386.deb
kpdf_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kpdf_3.3.2-2_i386.deb
kpovmodeler_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kpovmodeler_3.3.2-2_i386.deb
kruler_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kruler_3.3.2-2_i386.deb
ksnapshot_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/ksnapshot_3.3.2-2_i386.deb
ksvg_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/ksvg_3.3.2-2_i386.deb
kuickshow_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kuickshow_3.3.2-2_i386.deb
kview_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kview_3.3.2-2_i386.deb
kviewshell_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/kviewshell_3.3.2-2_i386.deb
libkscan-dev_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/libkscan-dev_3.3.2-2_i386.deb
libkscan1_3.3.2-2_i386.deb
to pool/main/k/kdegraphics/libkscan1_3.3.2-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 303238@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> (supplier of updated kdegraphics package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 14 Apr 2005 22:55:13 +0200
Source: kdegraphics
Binary: kdegraphics-kfile-plugins ksnapshot kviewshell kghostview libkscan-dev kruler kcoloredit kamera kdegraphics-dev libkscan1 kview kpdf ksvg kdvi kiconedit kfax kuickshow kooka kdegraphics kolourpaint kmrml kgamma kpovmodeler
Architecture: source i386 all
Version: 4:3.3.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Description:
kamera - digital camera io_slave for Konquerer
kcoloredit - An editor for palette files
kdegraphics - KDE Graphics metapackage
kdegraphics-dev - KDE graphics (development files)
kdegraphics-kfile-plugins - provide meta information for graphic files
kdvi - KDE dvi viewer
kfax - KDE G3/G4 Fax Viewer
kgamma - Gamma correction KControl module
kghostview - PostScript viewer for KDE
kiconedit - An icon editor for creating KDE icons
kmrml - A Konqueror plugin for searching pictures
kolourpaint - A Simple Paint Program for KDE
kooka - Scanner program for KDE
kpdf - PDF viewer for KDE
kpovmodeler - A graphical editor for povray scenes
kruler - a screen ruler and color measurement tool for KDE
ksnapshot - Screenshot application for KDE
ksvg - SVG viewer for KDE
kuickshow - KDE image/slideshow viewer
kview - KDE simple image viewer/converter
kviewshell - KDE generic framework for viewer applications
libkscan-dev - Scanner library for KDE (development files)
libkscan1 - Scanner library for KDE
Closes: 303238
Changes:
kdegraphics (4:3.3.2-2) unstable; urgency=medium
.
+++ Changes by Christopher Martin:
.
* KDE_3_3_BRANCH update. This includes a small but important patch to
kpdf's xpdf code. Fully resolves CAN-2005-0064, a buffer overflow
vulnerability. Urgency=medium as this is release critical.
(Closes: #303238)
.
* Add GFDL to debian/copyright.
Files:
e43b861e179095f2efb8ff769bbfb711 1356 kde optional kdegraphics_3.3.2-2.dsc
80732407671f5f27670f8915f42cc91f 156178 kde optional kdegraphics_3.3.2-2.diff.gz
f1e4294260457fb8f0ebd1e5bb53aa99 85664 graphics optional kamera_3.3.2-2_i386.deb
f82a313b0dab84b8ecd09dda1fac3188 95180 graphics optional kcoloredit_3.3.2-2_i386.deb
09115f0f74decd11d359e6d0bf9b0b11 64744 devel optional kdegraphics-dev_3.3.2-2_i386.deb
858f8fcee168fee325c3757241404a17 221746 kde optional kdegraphics-kfile-plugins_3.3.2-2_i386.deb
1cb67e4c11070873f2b3526634a604a7 483692 graphics optional kdvi_3.3.2-2_i386.deb
994b81a4dc4718c3849671d677702daa 140230 graphics optional kfax_3.3.2-2_i386.deb
54afa2480c3e3ad0db3e896b0c8083c1 85624 graphics optional kgamma_3.3.2-2_i386.deb
b3a74605696aa21c0b9c1b1e28af36d7 227202 graphics optional kghostview_3.3.2-2_i386.deb
aad3108267c40fc4ccf86a498376fe3a 135642 graphics optional kiconedit_3.3.2-2_i386.deb
cda3b58761d8f3fe08de2f094ab9dd22 221502 kde optional kmrml_3.3.2-2_i386.deb
25b1522be81d2a7e3c0c1211a18e2330 748084 graphics optional kolourpaint_3.3.2-2_i386.deb
9fb3ed0a32513b1bcafe3efbdd792799 750344 graphics optional kooka_3.3.2-2_i386.deb
9fe702afe9d92862f21e8c33a195d64c 451142 graphics optional kpdf_3.3.2-2_i386.deb
fb72732f76bcc301f0ef40fa6223ef87 2205442 graphics optional kpovmodeler_3.3.2-2_i386.deb
9673baccc068647fa2bbb918e5144ba6 62286 graphics optional kruler_3.3.2-2_i386.deb
c6aa6572ecb97b4b6757821ef35d41eb 96980 graphics optional ksnapshot_3.3.2-2_i386.deb
7081a362992ce3a14d237184571add71 1220564 graphics optional ksvg_3.3.2-2_i386.deb
7bfef4fb75e493fb3f48573786550edb 471774 graphics optional kuickshow_3.3.2-2_i386.deb
eea99db10adf8c0fb726287fd871b59e 643232 graphics optional kview_3.3.2-2_i386.deb
370a880de825ef7abff8ec6645b62e15 166666 graphics optional kviewshell_3.3.2-2_i386.deb
66dbbe04d3dfe27d2bdb47a3253f3fbc 32864 libdevel optional libkscan-dev_3.3.2-2_i386.deb
d3ce9ae480c7153bc045753ddfa7375d 134272 libs optional libkscan1_3.3.2-2_i386.deb
c40eb95d5b45489ae5cea7a230f704ca 17360 kde optional kdegraphics_3.3.2-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Signed by Isaac Clerencia <isaac@warp.es>
iD8DBQFCXuouQET2GFTmct4RAh/2AJ9+oVoxUTnu4isfi8nSp1y7oS/TNgCcD0D5
Hk2NTa7pVvV5O4Bd3GVGeRM=
=Su8j
-----END PGP SIGNATURE-----
Reply to: