xpdf (3.02-1.4ubuntu2.9.10.2) karmic-security; urgency=low
* SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
cause a denial of service (crash) via unknown vectors that trigger an
uninitialized pointer dereference.
- cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael
Gilbert)
- CVE-2010-3702
- LP: #701220
* SECURITY UPDATE: FoFiType1::parse function allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a PDF file with a crafted Type1 font that contains a
negative array index, which bypasses input validation and which triggers
memory corruption.
- cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael
Gilbert)
- CVE-2010-3704
Date: Mon, 10 Jan 2011 15:32:39 -0500
Changed-By: Brian Thomason <[email protected]>
Maintainer: Ubuntu MOTU Developers <[email protected]>
https://launchpad.net/ubuntu/karmic/+source/xpdf/3.02-1.4ubuntu2.9.10.2
Format: 1.8
Date: Mon, 10 Jan 2011 15:32:39 -0500
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: source
Version: 3.02-1.4ubuntu2.9.10.2
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <[email protected]>
Changed-By: Brian Thomason <[email protected]>
Description:
xpdf - Portable Document Format (PDF) suite
xpdf-common - Portable Document Format (PDF) suite -- common files
xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
xpdf-utils - Portable Document Format (PDF) suite -- utilities
Changes:
xpdf (3.02-1.4ubuntu2.9.10.2) karmic-security; urgency=low
.
* SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
cause a denial of service (crash) via unknown vectors that trigger an
uninitialized pointer dereference.
- cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael
Gilbert)
- CVE-2010-3702
- LP: #701220
* SECURITY UPDATE: FoFiType1::parse function allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a PDF file with a crafted Type1 font that contains a
negative array index, which bypasses input validation and which triggers
memory corruption.
- cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael
Gilbert)
- CVE-2010-3704
Checksums-Sha1:
8b0a5b120ca323994ef21ca66fa82db50b936e5e 2030 xpdf_3.02-1.4ubuntu2.9.10.2.dsc
1f43d6226e16910203d839aed435945b127d09e6 47441
xpdf_3.02-1.4ubuntu2.9.10.2.diff.gz
Checksums-Sha256:
05c2c5bd12397ed799725d951b6163d4f1242af4c6a4d883fee9aac7a9a8cdea 2030
xpdf_3.02-1.4ubuntu2.9.10.2.dsc
ac29583d298b31df88e2844a1e906060b70c737a2406acee9492716bff4ea6d2 47441
xpdf_3.02-1.4ubuntu2.9.10.2.diff.gz
Files:
27475dbc3bab453da175223f8031e2c7 2030 text optional
xpdf_3.02-1.4ubuntu2.9.10.2.dsc
a570cd14cbf1beb5bca65e3bf6cd438a 47441 text optional
xpdf_3.02-1.4ubuntu2.9.10.2.diff.gz
Launchpad-Bugs-Fixed: 701220
Original-Maintainer: Hamish Moffatt <[email protected]>
--
Karmic-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/karmic-changes
