[Pkg-cups-devel] xpdf problems present in CUPS
Martin Pitt
mpitt at debian.org
Thu Jan 12 07:52:04 UTC 2006
Hi Joey!
Martin Schulze [2006-01-11 20:33 +0100]:
> CVE IDs : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624
> CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
>
> "infamous41md" and Chris Evans discovered several heap based buffer
> overflows in xpdf which are also present in CUPS, the Common UNIX
> Printing System, and which can lead to a denial of service by crashing
> the application or possibly to the execution of arbitrary code.
>
> I'm attaching the patch we're going to use for the update of the
> package in sarge. Please fix the package in sid, mention the
> corresponding CVE names and let us know which version fixes these
> problems.
Sarge's and Sid's cupsys use xpdf-utils and ignore the internal xpdf
code copy, so at most woody is affected AFAICS.
Thanks,
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-cups-devel/attachments/20060112/421fcff6/attachment-0001.pgp
More information about the Pkg-cups-devel
mailing list