Bug#534680: marked as done (libpoppler4: buffer overflow in the Abiword backend)

Debian Bug Tracking System Thu, 24 Dec 2009 10:25:33 -0800

Your message dated Thu, 24 Dec 2009 18:18:31 +0000
with message-id <[email protected]>
and subject line Bug#534680: fixed in poppler 0.12.2-2.1
has caused the Debian Bug report #534680,
regarding libpoppler4: buffer overflow in the Abiword backend
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
534680: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534680
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: libpoppler4
Version: 0.10.6-1.1
Severity: important

The Abiword backend is susceptible to buffer overflows.

Proof of concept:

$ gdb pdftoabw
[snip]
(gdb) break ABWOutputDev::endWord()
Function "ABWOutputDev::endWord()" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (ABWOutputDev::endWord()) pending.
(gdb) run test.pdf /tmp/tmp
[snip]

Breakpoint 1, ABWOutputDev::endWord (this=0x97a12d0) at ABWOutputDev.cc:424
424       if (N_word) {
(gdb) cont
Continuing.

Breakpoint 1, ABWOutputDev::endWord (this=0x97a12d0) at ABWOutputDev.cc:424
424       if (N_word) {
(gdb) n
425         sprintf(buf, "%f", X2);    xmlNewProp(N_word, BAD_CAST "X2", 
BAD_CAST buf);
(gdb) n
426         sprintf(buf, "%f", Y2);    xmlNewProp(N_word, BAD_CAST "Y2", 
BAD_CAST buf);
(gdb) print sizeof buf
$1 = 20
(gdb) print strlen(buf)
$2 = 20


-- System Information:
Debian Release: squeeze/sid
    APT prefers unstable
    APT policy: (900, 'unstable'), (500, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-2-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpoppler4 depends on:
ii  libc6                  2.9-18            GNU C Library: Shared libraries
ii  libfontconfig1         2.6.0-4           generic font configuration library
ii  libfreetype6           2.3.9-5           FreeType 2 font engine, shared lib
ii  libgcc1                1:4.4.0-8         GCC support library

ii libjpeg62 6b-14 The Independent JPEG Group's JPEG ii libopenjpeg2 1.3+dfsg-4 JPEG 2000 image compression/decomp

ii  libstdc++6             4.4.0-8           The GNU Standard C++ Library v3
ii  libxml2                2.7.3.dfsg-1      GNOME XML library
ii  zlib1g                 1:1.2.3.3.dfsg-14 compression library - runtime

libpoppler4 recommends no packages.

libpoppler4 suggests no packages.

--
Jakub Wilk

test.pdf
Description: Adobe PDF document

--- End Message ---

--- Begin Message ---

Source: poppler
Source-Version: 0.12.2-2.1

We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive:

libpoppler-dev_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler-dev_0.12.2-2.1_i386.deb
libpoppler-glib-dev_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler-glib-dev_0.12.2-2.1_i386.deb
libpoppler-glib4_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler-glib4_0.12.2-2.1_i386.deb
libpoppler-qt-dev_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler-qt-dev_0.12.2-2.1_i386.deb
libpoppler-qt2_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler-qt2_0.12.2-2.1_i386.deb
libpoppler-qt4-3_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler-qt4-3_0.12.2-2.1_i386.deb
libpoppler-qt4-dev_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler-qt4-dev_0.12.2-2.1_i386.deb
libpoppler5_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler5_0.12.2-2.1_i386.deb
poppler-dbg_0.12.2-2.1_i386.deb
  to main/p/poppler/poppler-dbg_0.12.2-2.1_i386.deb
poppler-utils_0.12.2-2.1_i386.deb
  to main/p/poppler/poppler-utils_0.12.2-2.1_i386.deb
poppler_0.12.2-2.1.diff.gz
  to main/p/poppler/poppler_0.12.2-2.1.diff.gz
poppler_0.12.2-2.1.dsc
  to main/p/poppler/poppler_0.12.2-2.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <[email protected]> (supplier of updated poppler package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 22 Dec 2009 16:11:27 +0100
Source: poppler
Binary: libpoppler5 libpoppler-dev libpoppler-glib4 libpoppler-glib-dev 
libpoppler-qt2 libpoppler-qt-dev libpoppler-qt4-3 libpoppler-qt4-dev 
poppler-utils poppler-dbg
Architecture: source i386
Version: 0.12.2-2.1
Distribution: unstable
Urgency: high
Maintainer: Loic Minier <[email protected]>
Changed-By: Giuseppe Iuculano <[email protected]>
Description: 
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib 
interface)
 libpoppler-glib4 - PDF rendering library (GLib-based shared library)
 libpoppler-qt-dev - PDF rendering library -- development files (Qt 3 interface)
 libpoppler-qt2 - PDF rendering library (Qt 3 based shared library)
 libpoppler-qt4-3 - PDF rendering library (Qt 4 based shared library)
 libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 
interface)
 libpoppler5 - PDF rendering library
 poppler-dbg - PDF rendering library - detached debugging symbols
 poppler-utils - PDF utilitites (based on libpoppler)
Closes: 534680
Changes: 
 poppler (0.12.2-2.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2009-3938 (Closes: #534680)
Checksums-Sha1: 
 06acb101223ed166d288a173d6e9b462bd305bd2 1617 poppler_0.12.2-2.1.dsc
 e35db06c90c27b755e1133800c56da2fcd78e98b 18997 poppler_0.12.2-2.1.diff.gz
 8dbab31b865f3111f92d941fdf3d6323caaee658 921038 libpoppler5_0.12.2-2.1_i386.deb
 aad6c758ac45506517707c380779cc1feeeb7a28 1196024 
libpoppler-dev_0.12.2-2.1_i386.deb
 267921dda84efebf89fa64c1f1c1f3acdba5f2c1 296562 
libpoppler-glib4_0.12.2-2.1_i386.deb
 ee9e3c33d1296b2cb64a4dc23c71602d524a0b1f 366260 
libpoppler-glib-dev_0.12.2-2.1_i386.deb
 5b00d0d97b6aba22e13c3759b3aedc7f935241cb 249546 
libpoppler-qt2_0.12.2-2.1_i386.deb
 e3c2ffb0781831fd1ba863edcfee32e821d3ac8d 254662 
libpoppler-qt-dev_0.12.2-2.1_i386.deb
 948e12c7ae7ae415021b988af7a95b70cde07b9b 394092 
libpoppler-qt4-3_0.12.2-2.1_i386.deb
 458abd6070b618b6a4dd9f38eb03164e21329994 433182 
libpoppler-qt4-dev_0.12.2-2.1_i386.deb
 0b90d4b8e7e182d279bf2795236601119f5cf7c9 302192 
poppler-utils_0.12.2-2.1_i386.deb
 239fe723130060674c982de146d91336451d7528 3467310 
poppler-dbg_0.12.2-2.1_i386.deb
Checksums-Sha256: 
 981814a50d375db9675e2b5fddd91e5bbfb6ee16683e1deee85ccfdfd0494706 1617 
poppler_0.12.2-2.1.dsc
 9a5e775d159a6cf58f51b2586cfbeec8108295ae0363e8745066cfd40431e85d 18997 
poppler_0.12.2-2.1.diff.gz
 ea3bc9e428ea628e5343b6f7b47c3bf67bae6475a959f02a118715fe7e53e4c3 921038 
libpoppler5_0.12.2-2.1_i386.deb
 b9b0900d89823badd3a3efae732f72b95d6affda814081f03ae0990ac7a901db 1196024 
libpoppler-dev_0.12.2-2.1_i386.deb
 5618bcae854a38167b443842772a6296da18a6fb711b3d530653d41329867468 296562 
libpoppler-glib4_0.12.2-2.1_i386.deb
 369f361c70aba61a61a14b86a0fab39b5171cb6524244bfc179029c0913d7b47 366260 
libpoppler-glib-dev_0.12.2-2.1_i386.deb
 3b54c8431d05a5a111b4246437e080be61645b8e81ac46c1312bd1b947b81193 249546 
libpoppler-qt2_0.12.2-2.1_i386.deb
 f45ea730fbf73f235378b296966ece877485d67e26e694df3749d0cb8e788db9 254662 
libpoppler-qt-dev_0.12.2-2.1_i386.deb
 9cea828110108a4117b40e9c8070f6eb2a6a918b6cc448fb2f8ffa56fefb2636 394092 
libpoppler-qt4-3_0.12.2-2.1_i386.deb
 bb56c0cc43278fcd1361e101ba9f3d25b7d481e68fecbeb0a5b394d4c0669dda 433182 
libpoppler-qt4-dev_0.12.2-2.1_i386.deb
 d34acbd16fd3a597323dfeb60bd5d1f2e6e98262a87b17b01f723f05acdbe1bd 302192 
poppler-utils_0.12.2-2.1_i386.deb
 9dde1e5f0f41b4341f54baf25816732d336b8c0022daf24cb2b955f6e8ea491c 3467310 
poppler-dbg_0.12.2-2.1_i386.deb
Files: 
 6c63156ee0101d463198606ded409649 1617 devel optional poppler_0.12.2-2.1.dsc
 f59101ff2915d8b2c5f20156cdfa6522 18997 devel optional 
poppler_0.12.2-2.1.diff.gz
 3d3c44b87e082f5a6bb2a35aee2ed466 921038 libs optional 
libpoppler5_0.12.2-2.1_i386.deb
 bf97abc19857f0e30442dd604430f1c6 1196024 libdevel optional 
libpoppler-dev_0.12.2-2.1_i386.deb
 b66e66153afb85b5e0edfa40ff204b2f 296562 libs optional 
libpoppler-glib4_0.12.2-2.1_i386.deb
 a01d4609cb96abeac9eb737a89aef86e 366260 libdevel optional 
libpoppler-glib-dev_0.12.2-2.1_i386.deb
 b2b1807250cb1f3d3a99030b6971700f 249546 libs optional 
libpoppler-qt2_0.12.2-2.1_i386.deb
 f57c3998c61b433b88b03f91752db125 254662 libdevel optional 
libpoppler-qt-dev_0.12.2-2.1_i386.deb
 e0180aa51e26f2468178bf4c597ea756 394092 libs optional 
libpoppler-qt4-3_0.12.2-2.1_i386.deb
 0e9e54343d2211056c38e31c370e1243 433182 libdevel optional 
libpoppler-qt4-dev_0.12.2-2.1_i386.deb
 79f19aa552d6370c6d47a468d4ba71e1 302192 utils optional 
poppler-utils_0.12.2-2.1_i386.deb
 881a479070f3402dc6b1d1467c8e64fe 3467310 debug extra 
poppler-dbg_0.12.2-2.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksw56wACgkQNxpp46476arNFACfdb53hcx9JpzfLj2taqLqqo4E
GkIAn1YKHjS4rYX0RlkfQ7m+ASGqT22S
=l0+G
-----END PGP SIGNATURE-----

--- End Message ---

Bug#534680: marked as done (libpoppler4: buffer overflow in the Abiword backend)

Reply via email to