Your message dated Wed, 07 Dec 2005 20:32:10 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#342287: fixed in kdegraphics 4:3.4.3-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 6 Dec 2005 19:43:00 +0000
From: Paul Szabo <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: xpdf-reader: security issues by iDefense
X-Mailer: reportbug 3.8
Date: Wed, 07 Dec 2005 06:42:55 +1100

Package: xpdf-reader
Version: 3.00-13
Severity: critical
Justification: causes serious data loss

Arbitrary code execution (with privileges as user of package) issues
reported by iDefense:

Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability
Multiple Vendor xpdf DCTStream Progressive Heap Overflow
Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability
Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability

http://www.idefense.com/application/poi/display?id=342
http://www.idefense.com/application/poi/display?id=343
http://www.idefense.com/application/poi/display?id=344
http://www.idefense.com/application/poi/display?id=345

(Debian, both woody and sarge, is specifically mentioned as vulnerable.)

Reported also on public mailing lists, see
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/
http://www.securityfocus.com/archive/1

Upstream/vendor patches are apparently available.

Cheers,

Paul Szabo   [EMAIL PROTECTED]   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney   Australia

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spm0.5
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages xpdf-reader depends on:
ii  gsfonts       8.14+v8.11+urw-0.2     Fonts for the Ghostscript interpre
ii  lesstif2      1:0.93.94-11.4         OSF/Motif 2.1 implementation relea
ii  libc6         2.3.2.ds1-22           GNU C Library: Shared libraries an
ii  libfreetype6  2.1.7-2.4              FreeType 2 font engine, shared lib
ii  libgcc1       1:3.4.3-13             GCC support library
ii  libice6       4.3.0.dfsg.1-14sarge1  Inter-Client Exchange library
ii  libpaper1     1.1.14-3               Library for handling paper charact
ii  libsm6        4.3.0.dfsg.1-14sarge1  X Window System Session Management
ii  libstdc++5    1:3.3.5-13             The GNU Standard C++ Library v3
ii  libt1-5       5.0.2-3                Type 1 font rasterizer library - r
ii  libx11-6      4.3.0.dfsg.1-14sarge1  X Window System protocol client li
ii  libxext6      4.3.0.dfsg.1-14sarge1  X Window System miscellaneous exte
ii  libxp6        4.3.0.dfsg.1-14sarge1  X Window System printing extension
ii  libxpm4       4.3.0.dfsg.1-14sarge1  X pixmap library
ii  libxt6        4.3.0.dfsg.1-14sarge1  X Toolkit Intrinsics
ii  xlibs         4.3.0.dfsg.1-14sarge1  X Keyboard Extension (XKB) configu
ii  xpdf-common   3.00-13                Portable Document Format (PDF) sui
ii  zlib1g        1:1.2.2-4.sarge.2      compression library - runtime

-- no debconf information

---------------------------------------
Received: (at 342287-close) by bugs.debian.org; 8 Dec 2005 04:41:04 +0000
From: Christopher Martin <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#342287: fixed in kdegraphics 4:3.4.3-3
Date: Wed, 07 Dec 2005 20:32:10 -0800

Source: kdegraphics
Source-Version: 4:3.4.3-3

We believe that the bug you reported is fixed in the latest version of
kdegraphics, which is due to be installed in the Debian FTP archive:

kamera_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kamera_3.4.3-3_i386.deb
kcoloredit_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kcoloredit_3.4.3-3_i386.deb
kdegraphics-dev_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kdegraphics-dev_3.4.3-3_i386.deb
kdegraphics-doc-html_3.4.3-3_all.deb
  to pool/main/k/kdegraphics/kdegraphics-doc-html_3.4.3-3_all.deb
kdegraphics-kfile-plugins_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kdegraphics-kfile-plugins_3.4.3-3_i386.deb
kdegraphics_3.4.3-3.diff.gz
  to pool/main/k/kdegraphics/kdegraphics_3.4.3-3.diff.gz
kdegraphics_3.4.3-3.dsc
  to pool/main/k/kdegraphics/kdegraphics_3.4.3-3.dsc
kdegraphics_3.4.3-3_all.deb
  to pool/main/k/kdegraphics/kdegraphics_3.4.3-3_all.deb
kdvi_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kdvi_3.4.3-3_i386.deb
kfax_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kfax_3.4.3-3_i386.deb
kgamma_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kgamma_3.4.3-3_i386.deb
kghostview_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kghostview_3.4.3-3_i386.deb
kiconedit_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kiconedit_3.4.3-3_i386.deb
kmrml_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kmrml_3.4.3-3_i386.deb
kolourpaint_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kolourpaint_3.4.3-3_i386.deb
kooka_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kooka_3.4.3-3_i386.deb
kpdf_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kpdf_3.4.3-3_i386.deb
kpovmodeler_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kpovmodeler_3.4.3-3_i386.deb
kruler_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kruler_3.4.3-3_i386.deb
ksnapshot_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/ksnapshot_3.4.3-3_i386.deb
ksvg_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/ksvg_3.4.3-3_i386.deb
kuickshow_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kuickshow_3.4.3-3_i386.deb
kview_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kview_3.4.3-3_i386.deb
kviewshell_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/kviewshell_3.4.3-3_i386.deb
libkscan-dev_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/libkscan-dev_3.4.3-3_i386.deb
libkscan1_3.4.3-3_i386.deb
  to pool/main/k/kdegraphics/libkscan1_3.4.3-3_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christopher Martin <[EMAIL PROTECTED]> (supplier of updated kdegraphics package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 7 Dec 2005 22:05:43 -0500
Source: kdegraphics
Binary: kdegraphics-kfile-plugins ksnapshot kviewshell kghostview libkscan-dev kruler kcoloredit kamera kdegraphics-dev libkscan1 kview kdegraphics-doc-html kpdf ksvg kdvi kiconedit kfax kuickshow kooka kdegraphics kolourpaint kmrml kgamma kpovmodeler
Architecture: source i386 all
Version: 4:3.4.3-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Christopher Martin <[EMAIL PROTECTED]>
Description:
 kamera     - digital camera io_slave for Konquerer
 kcoloredit - a color palette editor and color picker for KDE
 kdegraphics - graphics apps from the official KDE release
 kdegraphics-dev - development files for the KDE graphics module
 kdegraphics-doc-html - KDE graphics documentation in HTML format
 kdegraphics-kfile-plugins - KDE metainfo plugins for graphic files
 kdvi       - dvi viewer for KDE
 kfax       - G3/G4 fax viewer for KDE
 kgamma     - gamma correction module for the KDE Control Center
 kghostview - PostScript viewer for KDE
 kiconedit  - an icon editor for KDE
 kmrml      - a Konqueror plugin for searching pictures
 kolourpaint - a simple paint program for KDE
 kooka      - scanner program for KDE
 kpdf       - PDF viewer for KDE
 kpovmodeler - a graphical editor for povray scenes
 kruler     - a screen ruler and color measurement tool for KDE
 ksnapshot  - screenshot utility for KDE
 ksvg       - SVG viewer for KDE
 kuickshow  - KDE image/slideshow viewer
 kview      - simple image viewer/converter for KDE
 kviewshell - generic framework for viewer applications in KDE
 libkscan-dev - development files for the KDE scanner library
 libkscan1  - scanner library for KDE
Closes: 342287
Changes:
 kdegraphics (4:3.4.3-3) unstable; urgency=medium
 .
   +++ Changes by Christopher Martin:
 .
   * KDE_3_4_BRANCH update (up to r486446). This update includes security
     fixes for CAN-2005-3191, CAN-2005-3192, and CAN-2005-3193.
     (Closes: #342287)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Signed by Christopher Martin <[EMAIL PROTECTED]>

iD8DBQFDl7U1U+gWW+vtsysRAq7xAKCbClVFDOnEyxZOtDC2/nW36fT8dwCfTZ7W
WJOmISHUk9soKZiwS/NhZgo=
=HC7y
-----END PGP SIGNATURE-----