[Pkg-kde-talk] another vulnerability, this time in kdegraphics/kpdf :(

Adeodato Simó asp16@alu.ua.es
Thu, 23 Dec 2004 08:23:11 +0100


  See #286742. There has been no talk about this in the kde-packager
  list, but there will be surely be an advisory since there has already
  been a commit:

    kdegraphics/kpdf/xpdf/Gfx.cc - Revision 1.4.4.2
    Wed Dec 22 12:05:50 2004 UTC (18 hours, 56 minutes ago) by mueller 
    Branch: KDE_3_3_BRANCH 

    fix xpdf buffer overflow

    (http://webcvs.kde.org/kdegraphics/kpdf/xpdf/Gfx.cc?rev=1.7&view=lo=
g)

  and:

    kdegraphics/kpdf/xpdf/GfxState.cc - Revision 1.3.4.2
    Wed Dec 22 12:05:50 2004 UTC (19 hours, 2 minutes ago) by mueller
    Branch: KDE_3_3_BRANCH

    fix xpdf buffer overflow

                                 * * *

  While I was writing this mail, the Advisory arrived:

    http://www.kde.org/info/security/advisory-20041223-1.txt

-- 
Adeodato Simó
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
    Listening to: Martirio - De homenaje
 
From the moment I picked your book up until I put it down I was
convulsed with laughter. Some day I intend reading it.
                -- Groucho Marx