[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#320627: marked as done (crash w/ xpdf)

Your message dated Sat, 25 Sep 2010 13:59:52 +0000
with message-id <E1OzVI8-0001Dx-EX@franck.debian.org>
and subject line Bug#320627: fixed in xorg-server 2:1.4.2-10.lenny3
has caused the Debian Bug report #320627,
regarding crash w/ xpdf
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
320627: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320627
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Subject: crash w/ Florida law
Package: xserver-common
Version: multiple

At least two people have managed to crash X by
trying to read the Florida law using xpdf.

---------- instructions for trying it ----------
Here is the Florida Administrative Code:

http://fac.dos.state.fl.us/faconline/chapter64.pdf

The index doesn't work too well. Try following the
instructions I was given for finding Chapter 64V-1,
the Vital Statistics code:

  In the menu on the left side, scroll all the
  way to the bottom to 64V-1. You will
  need Adobe Acrobat Reader 4.05+ to view these file.
---------------------------------------------------

On the debian-powerpc mailing list, Sean Neakums
and Ken Moffat report:

>> I just had a go at chapter64.pdf with xpdf and
>> my X server crashed, which is impressive.  I can't
>> remember the last time I've had X crash.
>
> Damn, I wish I'd read further down the thread
> before I tried.  Yeah, mine crashed too (on x86).
> A vulnerability triggered by malicious official
> documents.

That's at least two bugs by my count (xpdf and X),
and fixing one might hide the other. I have filed
an xpdf bug as well.

--- End Message ---
--- Begin Message --- 
Source: xorg-server
Source-Version: 2:1.4.2-10.lenny3

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive:

xdmx-tools_1.4.2-10.lenny3_i386.deb
  to main/x/xorg-server/xdmx-tools_1.4.2-10.lenny3_i386.deb
xdmx_1.4.2-10.lenny3_i386.deb
  to main/x/xorg-server/xdmx_1.4.2-10.lenny3_i386.deb
xnest_1.4.2-10.lenny3_i386.deb
  to main/x/xorg-server/xnest_1.4.2-10.lenny3_i386.deb
xorg-server_1.4.2-10.lenny3.diff.gz
  to main/x/xorg-server/xorg-server_1.4.2-10.lenny3.diff.gz
xorg-server_1.4.2-10.lenny3.dsc
  to main/x/xorg-server/xorg-server_1.4.2-10.lenny3.dsc
xprint-common_1.4.2-10.lenny3_all.deb
  to main/x/xorg-server/xprint-common_1.4.2-10.lenny3_all.deb
xprint_1.4.2-10.lenny3_i386.deb
  to main/x/xorg-server/xprint_1.4.2-10.lenny3_i386.deb
xserver-xephyr_1.4.2-10.lenny3_i386.deb
  to main/x/xorg-server/xserver-xephyr_1.4.2-10.lenny3_i386.deb
xserver-xorg-core-dbg_1.4.2-10.lenny3_i386.deb
  to main/x/xorg-server/xserver-xorg-core-dbg_1.4.2-10.lenny3_i386.deb
xserver-xorg-core_1.4.2-10.lenny3_i386.deb
  to main/x/xorg-server/xserver-xorg-core_1.4.2-10.lenny3_i386.deb
xserver-xorg-dev_1.4.2-10.lenny3_i386.deb
  to main/x/xorg-server/xserver-xorg-dev_1.4.2-10.lenny3_i386.deb
xvfb_1.4.2-10.lenny3_i386.deb
  to main/x/xorg-server/xvfb_1.4.2-10.lenny3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 320627@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 25 Sep 2010 12:25:53 +0200
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xprint xprint-common xserver-xorg-core-dbg
Architecture: source all i386
Version: 2:1.4.2-10.lenny3
Distribution: stable
Urgency: low
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description: 
 xdmx       - distributed multihead X server
 xdmx-tools - Distributed Multihead X tools
 xnest      - Nested X server
 xprint     - X11 print system (binary)
 xprint-common - Xprint - the X11 print system (configuration files)
 xserver-xephyr - nested X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols)
 xserver-xorg-dev - Xorg X server - development files
 xvfb       - Virtual Framebuffer 'fake' X server
Closes: 320627 555308
Changes: 
 xorg-server (2:1.4.2-10.lenny3) stable; urgency=low
 .
   * Cherry-pick patch from upstream to set umask to a sane value in Xorg
     before opening the log, so we don't create it world-writable (closes:
     #555308).
   * Add patch by Olivier Fourdan (Red Hat) to fix the mod() macro in fb and
     mi.
   * render: bounds check for nglyphs in ProcRenderAddGlyphs.
   * fb: make isClipped always reject negative coordinates (closes: #320627)
   * xvfb-run: don't pass the magic cookie to xauth on the command line
     (CVE-2009-1573).  Thanks, Loïc Minier!
Checksums-Sha1: 
 c1a485da6cb8667eaef08f65e594296e71d3e56b 3540 xorg-server_1.4.2-10.lenny3.dsc
 424dc38d65dd41a48b99259a12302e878c84c78e 578041 xorg-server_1.4.2-10.lenny3.diff.gz
 004a4855d609a8fccba17186716eb779a2ddf5b5 645778 xprint-common_1.4.2-10.lenny3_all.deb
 142870487c3888b0f42c9db4a84f09e0b98072ec 4113106 xserver-xorg-core_1.4.2-10.lenny3_i386.deb
 9e3ad85b403458293d3a9101ee4bf762136b6438 692836 xserver-xorg-dev_1.4.2-10.lenny3_i386.deb
 dab2f340fb1197e4182fc084a03bde79d8655964 1151100 xdmx_1.4.2-10.lenny3_i386.deb
 fea2f8aaba9819889a455e0b20b78db868fabb59 466478 xdmx-tools_1.4.2-10.lenny3_i386.deb
 e32435ef1ba2dd9452c14f241b87b7d51c5d15b8 1772082 xnest_1.4.2-10.lenny3_i386.deb
 57759f47c90846d6fd2a1f983f168049e42d3e34 1887372 xvfb_1.4.2-10.lenny3_i386.deb
 78b437d01260ea1ff5be992eae398036de7330c3 1924558 xserver-xephyr_1.4.2-10.lenny3_i386.deb
 d16a6ae1cada3503b96baf8d67e511cd248020e2 1568326 xprint_1.4.2-10.lenny3_i386.deb
 37f1d2a2e2ea81f7fb3099dd947fd90a528fd21d 12558212 xserver-xorg-core-dbg_1.4.2-10.lenny3_i386.deb
Checksums-Sha256: 
 1e427c50ab3bbb43aa39640793378740db10b7d94f8eec81a6b622cbe84ee073 3540 xorg-server_1.4.2-10.lenny3.dsc
 c48b1c8431b4d9d4a4f597a9198ef687fd596bc2b4502fc6413545621f184128 578041 xorg-server_1.4.2-10.lenny3.diff.gz
 67db48a76ae0b61d0bed38d471b3306a8bc39eb24524a6f0444d1175f1082758 645778 xprint-common_1.4.2-10.lenny3_all.deb
 b5db9a728c1159f96edaed30800f483b108fc79cb9a001568cecfa1ae6069ea2 4113106 xserver-xorg-core_1.4.2-10.lenny3_i386.deb
 9a0626c3a7f6fbd6d186302b20299814ad3657fc8e8fd5c580f8de8dae6f9524 692836 xserver-xorg-dev_1.4.2-10.lenny3_i386.deb
 7375a4c59657384b6df1fe9952abbb9e921e92b920417f083600a31a4a434baa 1151100 xdmx_1.4.2-10.lenny3_i386.deb
 a731eb704de21417dcf852ad9c9c1cf8333f4ebb3b05db167f5ba513e0d87857 466478 xdmx-tools_1.4.2-10.lenny3_i386.deb
 68ab261ecfb299939b810dbecf82bb59a527b3d147d09fa75ad2e47339f69474 1772082 xnest_1.4.2-10.lenny3_i386.deb
 cc3dbbd081f1006e95b784707850cb1afc76c8545161fa2e8167f5a9c24b50e1 1887372 xvfb_1.4.2-10.lenny3_i386.deb
 95eca13a4c11f2a3d5a59a8c4a0f922e0d4e0e87cf7fdcdb2868557e12f294c3 1924558 xserver-xephyr_1.4.2-10.lenny3_i386.deb
 0abab2a9ef8126e3e8d5ccd1fabac5fde331a5779dbb6c653211aae52f5a3d50 1568326 xprint_1.4.2-10.lenny3_i386.deb
 14c0524a92978fc6341167e466f1663d030f4c7e5eda0512ffb93414743c2c08 12558212 xserver-xorg-core-dbg_1.4.2-10.lenny3_i386.deb
Files: 
 e590f0c7ad9f3a913474b5aa91aac8a8 3540 x11 optional xorg-server_1.4.2-10.lenny3.dsc
 ea18c697e276bdc97ec0062a52f63957 578041 x11 optional xorg-server_1.4.2-10.lenny3.diff.gz
 ae16ddc4f0b8d152950539fac064d236 645778 x11 optional xprint-common_1.4.2-10.lenny3_all.deb
 bd9b354c5cd4bec2b92e089c4f82b5c7 4113106 x11 optional xserver-xorg-core_1.4.2-10.lenny3_i386.deb
 2e3ce20dc88f298fb983ee1491ea9c0e 692836 x11 optional xserver-xorg-dev_1.4.2-10.lenny3_i386.deb
 de77898c7508713f73dc87d1eb1cea62 1151100 x11 optional xdmx_1.4.2-10.lenny3_i386.deb
 bd95b6a45eb9a22b9d700764de21bafd 466478 x11 optional xdmx-tools_1.4.2-10.lenny3_i386.deb
 edd82a6e5c9f912e2c482fe2e223a7c8 1772082 x11 optional xnest_1.4.2-10.lenny3_i386.deb
 6d55fa2e69377765ff20f660c4d11e2a 1887372 x11 optional xvfb_1.4.2-10.lenny3_i386.deb
 651f905920c7452c4c66d1a61bd9693f 1924558 x11 optional xserver-xephyr_1.4.2-10.lenny3_i386.deb
 5350277a18548e60f4601986d61117d4 1568326 x11 optional xprint_1.4.2-10.lenny3_i386.deb
 2696038838ab4fde8d49d59d6480a7cd 12558212 x11 extra xserver-xorg-core-dbg_1.4.2-10.lenny3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJMnfFrAAoJEDEBgAUJBeQMEkcQALzZm7Zryhv8JaQxZinMs69H
ULCoFNatERdS0c/6h2Cf6TR39wlFISKT7FAIW3shdcEdhiSvOYsCJGnNU8gBj+1U
mkkHfJa+fo4zhqAOOSvN8HVB8TOQERCz5eI9hkyY4zCRS/DKChvetgmKbE0ALWgV
XbY35QEcjuP9h2fKqOscXU6riECoVn88OVgFYzW0hKHbIA+9s1Oj8fDtwiFujppS
HU7wwQmNsGX+vJlF2eHUUkNge8CdtBPtXXuvTsroMp9P91q51PjqFXbCXSivc4TH
TrEUvRMNBie/pJ3EzhyW/MWOcqbzMxazEBk2H7kj6ofhKFV9BYnvE5H5Rw8q8cYx
cDrwma4svRh955vckNGQAGzPnQCDzKVwOEflL58+4hVvS5JknIC0jnrcLOUPPNml
/KiEGvaS48+SjU5ceTZCvB5IwkWeatjbXnuLjRX4t9qtV0sWNi6dSuoKk+0CW6Vz
j+g/U/2fV/kZ8K5iks0SeEYfMXjErnvmQiP7vz3l+HuUn7PByV1H4xecab99yaM6
E1Wpysjfc3oAo8W67tAhCGUV/RkC5zcSBQc+0bHi3Da+bUadmZ5+opEJSXiVLdUM
/PLzaVAS3KvDIPng9w04WbZEFDfYzRmLuFVTNxfsSRJ+gsbPdQHZ+dDmqWUq0eLl
l6ARvds0h+eKZQCry/sq
=9CfC
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: