xpdf (3.02-2ubuntu1.1) lucid-security; urgency=low
* SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
cause a denial of service (crash) via unknown vectors that trigger an
uninitialized pointer dereference. (LP: #701220)
- cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael
Gilbert)
- CVE-2010-3702
* SECURITY UPDATE: FoFiType1::parse function allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a PDF file with a crafted Type1 font that contains a
negative array index, which bypasses input validation and which triggers
memory corruption. (LP: #701220)
- cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael
Gilbert)
- CVE-2010-3704
Date: Thu, 20 Jan 2011 16:49:30 -0500
Changed-By: Brian Thomason <brian.thoma...@canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/xpdf/3.02-2ubuntu1.1
Format: 1.8
Date: Thu, 20 Jan 2011 16:49:30 -0500
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: source
Version: 3.02-2ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Brian Thomason <brian.thoma...@canonical.com>
Description:
xpdf - Portable Document Format (PDF) suite
xpdf-common - Portable Document Format (PDF) suite -- common files
xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
xpdf-utils - Portable Document Format (PDF) suite -- utilities
Launchpad-Bugs-Fixed: 701220 701220
Changes:
xpdf (3.02-2ubuntu1.1) lucid-security; urgency=low
.
* SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
cause a denial of service (crash) via unknown vectors that trigger an
uninitialized pointer dereference. (LP: #701220)
- cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael
Gilbert)
- CVE-2010-3702
* SECURITY UPDATE: FoFiType1::parse function allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a PDF file with a crafted Type1 font that contains a
negative array index, which bypasses input validation and which triggers
memory corruption. (LP: #701220)
- cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael
Gilbert)
- CVE-2010-3704
Checksums-Sha1:
26525da9aa5a2d9fbbbd56101165d21d85eedd44 2076 xpdf_3.02-2ubuntu1.1.dsc
5dfe873a44f6152f8cba13832cbcce77bfc35cbc 59861
xpdf_3.02-2ubuntu1.1.debian.tar.gz
Checksums-Sha256:
2b0509ad1ee4e67d560468f24aa7bce802ad2de24bc72c8fe247eee0aa9ff8b4 2076
xpdf_3.02-2ubuntu1.1.dsc
6162b2b0b905c2cdffd0f7cdbe202d818d84d435c39a15329b9c53ddad6305bd 59861
xpdf_3.02-2ubuntu1.1.debian.tar.gz
Files:
6e0ba37a8b31fde9b8eda5281e331c5d 2076 text optional xpdf_3.02-2ubuntu1.1.dsc
9629b96bed87639ab211b12a92105702 59861 text optional
xpdf_3.02-2ubuntu1.1.debian.tar.gz
Original-Maintainer: Michael Gilbert <michael.s.gilb...@gmail.com>
--
Lucid-changes mailing list
Lucid-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/lucid-changes
