Bug#450630: marked as done (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 multiple vulnerabilities leading to arbitrary code execution)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 17 Nov 2007 07:32:07 +0000
with message-id <E1ItI9v-0003Jr-FE@ries.debian.org>
and subject line Bug#450630: fixed in kdegraphics 4:3.5.7-4+lenny1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 multiple vulnerabilities leading to arbitrary code execution
• From: Nico Golde <nion@debian.org>
• Date: Thu, 8 Nov 2007 18:29:22 +0100
• Message-id: <[🔎] 20071108172922.GA9986@ngolde.de>

Package: kdegraphics
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for poppler.

CVE-2007-4352[0]:
| Array index error in the DCTStream::readProgressiveDataUnit method in
| xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote
| attackers to trigger memory corruption and execute arbitrary code via
| a crafted PDF file.

CVE-2007-5392[1]:
| Integer overflow in the DCTStream::reset method in
| xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows
| remote attackers to execute arbitrary code via a crafted PDF
| file, resulting in a heap-based buffer overflow.

CVE-2007-5393[2]:
| Heap-based buffer overflow in the CCITTFaxStream::lookChar
| method in xpdf/Stream.cc in Xpdf 3.02 with
| xpdf-3.02pl1.patch allows remote attackers to execute
| arbitrary code via a PDF file that contains a crafted
| CCITTFaxDecode filter.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpxiPPCIAmg_.pgp
Description: PGP signature

--- End Message ---

--- Begin Message ---

• To: 450630-close@bugs.debian.org
• Subject: Bug#450630: fixed in kdegraphics 4:3.5.7-4+lenny1
• From: Nico Golde <nion@debian.org>
• Date: Sat, 17 Nov 2007 07:32:07 +0000
• Message-id: <E1ItI9v-0003Jr-FE@ries.debian.org>

Source: kdegraphics
Source-Version: 4:3.5.7-4+lenny1

We believe that the bug you reported is fixed in the latest version of
kdegraphics, which is due to be installed in the Debian FTP archive:

kamera_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kamera_3.5.7-4+lenny1_i386.deb
kcoloredit_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kcoloredit_3.5.7-4+lenny1_i386.deb
kdegraphics-dbg_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kdegraphics-dbg_3.5.7-4+lenny1_i386.deb
kdegraphics-dev_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kdegraphics-dev_3.5.7-4+lenny1_i386.deb
kdegraphics-doc-html_3.5.7-4+lenny1_all.deb
  to pool/main/k/kdegraphics/kdegraphics-doc-html_3.5.7-4+lenny1_all.deb
kdegraphics-kfile-plugins_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.7-4+lenny1_i386.deb
kdegraphics_3.5.7-4+lenny1.diff.gz
  to pool/main/k/kdegraphics/kdegraphics_3.5.7-4+lenny1.diff.gz
kdegraphics_3.5.7-4+lenny1.dsc
  to pool/main/k/kdegraphics/kdegraphics_3.5.7-4+lenny1.dsc
kdegraphics_3.5.7-4+lenny1_all.deb
  to pool/main/k/kdegraphics/kdegraphics_3.5.7-4+lenny1_all.deb
kdvi_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kdvi_3.5.7-4+lenny1_i386.deb
kfax_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kfax_3.5.7-4+lenny1_i386.deb
kfaxview_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kfaxview_3.5.7-4+lenny1_i386.deb
kgamma_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kgamma_3.5.7-4+lenny1_i386.deb
kghostview_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kghostview_3.5.7-4+lenny1_i386.deb
kiconedit_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kiconedit_3.5.7-4+lenny1_i386.deb
kmrml_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kmrml_3.5.7-4+lenny1_i386.deb
kolourpaint_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kolourpaint_3.5.7-4+lenny1_i386.deb
kooka_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kooka_3.5.7-4+lenny1_i386.deb
kpdf_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kpdf_3.5.7-4+lenny1_i386.deb
kpovmodeler_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kpovmodeler_3.5.7-4+lenny1_i386.deb
kruler_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kruler_3.5.7-4+lenny1_i386.deb
ksnapshot_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/ksnapshot_3.5.7-4+lenny1_i386.deb
ksvg_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/ksvg_3.5.7-4+lenny1_i386.deb
kuickshow_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kuickshow_3.5.7-4+lenny1_i386.deb
kview_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kview_3.5.7-4+lenny1_i386.deb
kviewshell_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/kviewshell_3.5.7-4+lenny1_i386.deb
libkscan-dev_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/libkscan-dev_3.5.7-4+lenny1_i386.deb
libkscan1_3.5.7-4+lenny1_i386.deb
  to pool/main/k/kdegraphics/libkscan1_3.5.7-4+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 450630@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated kdegraphics package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 16 Nov 2007 09:57:48 +0100
Source: kdegraphics
Binary: kdegraphics-kfile-plugins ksnapshot kviewshell kghostview libkscan-dev kruler kcoloredit kamera kdegraphics-dev libkscan1 kdegraphics-dbg kview kdegraphics-doc-html kpdf ksvg kdvi kiconedit kfax kfaxview kuickshow kooka kdegraphics kolourpaint kmrml kgamma kpovmodeler
Architecture: source i386 all
Version: 4:3.5.7-4+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 kamera     - digital camera io_slave for Konqueror
 kcoloredit - a color palette editor and color picker for KDE
 kdegraphics - graphics apps from the official KDE release
 kdegraphics-dbg - debugging symbols for kdegraphics
 kdegraphics-dev - development files for the KDE graphics module
 kdegraphics-doc-html - KDE graphics documentation in HTML format
 kdegraphics-kfile-plugins - KDE metainfo plugins for graphic files
 kdvi       - dvi viewer for KDE
 kfax       - G3/G4 fax viewer for KDE
 kfaxview   - G3/G4 fax viewer for KDE using kviewshell
 kgamma     - gamma correction module for the KDE Control Center
 kghostview - PostScript viewer for KDE
 kiconedit  - an icon editor for KDE
 kmrml      - a Konqueror plugin for searching pictures
 kolourpaint - a simple paint program for KDE
 kooka      - scanner program for KDE
 kpdf       - PDF viewer for KDE
 kpovmodeler - a graphical editor for povray scenes
 kruler     - a screen ruler and color measurement tool for KDE
 ksnapshot  - screenshot utility for KDE
 ksvg       - SVG viewer for KDE
 kuickshow  - KDE image/slideshow viewer
 kview      - simple image viewer/converter for KDE
 kviewshell - generic framework for viewer applications in KDE
 libkscan-dev - development files for the KDE scanner library
 libkscan1  - scanner library for KDE
Closes: 450630
Changes: 
 kdegraphics (4:3.5.7-4+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by testing security team.
   * Included post-3.5.8-kdegraphics-kpdf.diff to address the
     following security issues (Closes: #450630)
     - CVE-2007-5393 buffer overflow in the CCITTFaxStream::lookChar leading
       to arbitrary code execution via a crafted pdf file.
     - CVE-2007-5392 integer overflow in the DCTStream::reset resulting in a
       heap based buffer overflow allows code execution.
     - CVE-2007-4352 array index error in DCTStream::readProgressiveDataUnit
       leads to memory corruption and possibly arbitrary code execution.
Files: 
 e38ba3f815476ba7b2dfb49ba417dbcd 1420 kde optional kdegraphics_3.5.7-4+lenny1.dsc
 460e518dd7e1d525dc97a1c60f015e72 345945 kde optional kdegraphics_3.5.7-4+lenny1.diff.gz
 28584a5ab59479a214bf109245b75955 12306 kde optional kdegraphics_3.5.7-4+lenny1_all.deb
 7a7932a4e55900b96ab0b92eb5fc7c32 150594 doc optional kdegraphics-doc-html_3.5.7-4+lenny1_all.deb
 20665a60aff53f2d1fe9e4b5f4dcddca 82718 graphics optional kamera_3.5.7-4+lenny1_i386.deb
 2bf61a756ee1c1d5c8aca79eed775dca 97188 graphics optional kcoloredit_3.5.7-4+lenny1_i386.deb
 74aabd870b6491126d6363ffa722e0ed 97446 devel optional kdegraphics-dev_3.5.7-4+lenny1_i386.deb
 15067249feb2b36d4fa3dcbf0a21d09e 259466 kde optional kdegraphics-kfile-plugins_3.5.7-4+lenny1_i386.deb
 9ed6c71dc3f5199ebd7dd7c08d479c05 525672 graphics optional kdvi_3.5.7-4+lenny1_i386.deb
 8ad490a149ae74d6b0aef352fdd53e91 139572 graphics optional kfax_3.5.7-4+lenny1_i386.deb
 7281cadcb1c16d7a31800c4f9a6ecdeb 103278 graphics optional kfaxview_3.5.7-4+lenny1_i386.deb
 baab50c91cf4214287c4d1c044b43ffd 71096 graphics optional kgamma_3.5.7-4+lenny1_i386.deb
 65b9f2495bd93a1d410fd71d27dec3ef 229910 graphics optional kghostview_3.5.7-4+lenny1_i386.deb
 c22ccc4c8695ca562d4ccd0b3a9a5549 168830 graphics optional kiconedit_3.5.7-4+lenny1_i386.deb
 a37bb145fc7fa919a2d552a04274982b 219918 kde optional kmrml_3.5.7-4+lenny1_i386.deb
 094d202c92bae9b94548733a12d1cb3e 1062564 graphics optional kolourpaint_3.5.7-4+lenny1_i386.deb
 bb042aa8e484498bafa299765f8566ca 751586 graphics optional kooka_3.5.7-4+lenny1_i386.deb
 cf2bf0f847f71061501d268dcfc28309 813848 graphics optional kpdf_3.5.7-4+lenny1_i386.deb
 3ab989338da0d1e9f15e1166585fa5ea 2232786 graphics optional kpovmodeler_3.5.7-4+lenny1_i386.deb
 0eea36573cd1130f4c12393d6363906e 60944 graphics optional kruler_3.5.7-4+lenny1_i386.deb
 6bc8c0f2652f7049bc4268a233c20a04 167058 graphics optional ksnapshot_3.5.7-4+lenny1_i386.deb
 67e16ddbbcb90f4b66c2a05b7578d45d 1270236 graphics optional ksvg_3.5.7-4+lenny1_i386.deb
 628687438c7e5b5c7a167db333824491 486766 graphics optional kuickshow_3.5.7-4+lenny1_i386.deb
 404df14afd56e9648622249ce333b170 395960 graphics optional kview_3.5.7-4+lenny1_i386.deb
 4c73c13105c200f079fc8a3f7dc20c18 787078 graphics optional kviewshell_3.5.7-4+lenny1_i386.deb
 63f55be980425b3f425066a16903d2a6 12136 libdevel optional libkscan-dev_3.5.7-4+lenny1_i386.deb
 49f4e105469dbc808eaa0ec8cdf11585 129796 libs optional libkscan1_3.5.7-4+lenny1_i386.deb
 b5dd2d50f3a041de14b1e9419f5a0b4f 25353270 libdevel extra kdegraphics-dbg_3.5.7-4+lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHPX9nHYflSXNkfP8RAmzUAKCXoQM3A0G7BCYclRyE27StLzuyhgCgkiQM
fGqYPCcWfj62Di5dg0fTlDQ=
=Ii3H
-----END PGP SIGNATURE-----

--- End Message ---