[Pkg-cups-devel] Re: CAN-2005-3191 CAN-2005-3192: Buffer overflows in CUPS

Kenshi Muto kmuto at debian.org
Tue Dec 13 00:39:49 UTC 2005



Hi Joey and security team,

At Mon, 12 Dec 2005 15:51:44 +0100,
Martin Schulze wrote:
> Martin Schulze wrote:
> > "infamous41md" discovered several heap based buffer overflows in xpdf,
> > the Portable Document Format (PDF) suite, which is also present in
> > cupsys and which can lead to a denial of service by crashing the
> > application or possibly to the execution of arbitrary code.

Debian's CUPS has already dropped the use of the pdftops code in the
source and has been using an xpdf wrapper since Sarge. So the binary
packages in Sarge/Etch/Sid aren't affected by this CAN.

> > Please
> >  . update the package in sid
> >  . mention the CVE id from the subject in the changelog
> >  . tell me the version number of the fixed package
> >  . use urgency=high

Of course, it's better to apply a patch to the source for users who want
to create their own pdftops. So I just uploaded cupsys 1.1.23-13 to
unstable, although it still doesn't have a pdftops binary. :)

Thanks,
-- 
Kenshi Muto
kmuto at debian.org


