Yaakov S (Cygwin Ports) wrote:
Xpdf is vulnerable to integer overflows that may be exploited to execute
arbitrary code.
Solution: apply this patch to xpdf-3.01:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/app-text/xpdf/files/xpdf-3.01-sec-rollup.patch
More information:
http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
Now, in addition to the above, there's another heap overflow
vulnerability. Isn't maintaining xpdf a lot of fun? :-)
Solution: apply this patch (IN ADDITION to the others):
https://bugzilla.novell.com/attachment.cgi?id=66287
More information:
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
Yaakov