[ubuntu/lucid-security] xpdf, xpdf (delayed) 3.02-2ubuntu1.1 (Accepted)

Fri, 21 Jan 2011 12:04:25 -0800 

xpdf (3.02-2ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
    cause a denial of service (crash) via unknown vectors that trigger an
    uninitialized pointer dereference. (LP: #701220)
    - cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael 
Gilbert)
    - CVE-2010-3702
  * SECURITY UPDATE: FoFiType1::parse function allows context-dependent
    attackers to cause a denial of service (crash) and possibly execute
    arbitrary code via a PDF file with a crafted Type1 font that contains a
    negative array index, which bypasses input validation and which triggers
    memory corruption. (LP: #701220)
    - cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael 
Gilbert)
    - CVE-2010-3704

Date: Thu, 20 Jan 2011 16:49:30 -0500
Changed-By: Brian Thomason <brian.thoma...@canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/xpdf/3.02-2ubuntu1.1

Format: 1.8
Date: Thu, 20 Jan 2011 16:49:30 -0500
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: source
Version: 3.02-2ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Brian Thomason <brian.thoma...@canonical.com>
Description: 
 xpdf       - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Launchpad-Bugs-Fixed: 701220 701220
Changes: 
 xpdf (3.02-2ubuntu1.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
     cause a denial of service (crash) via unknown vectors that trigger an
     uninitialized pointer dereference. (LP: #701220)
     - cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael 
Gilbert)
     - CVE-2010-3702
   * SECURITY UPDATE: FoFiType1::parse function allows context-dependent
     attackers to cause a denial of service (crash) and possibly execute
     arbitrary code via a PDF file with a crafted Type1 font that contains a
     negative array index, which bypasses input validation and which triggers
     memory corruption. (LP: #701220)
     - cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael 
Gilbert)
     - CVE-2010-3704
Checksums-Sha1: 
 26525da9aa5a2d9fbbbd56101165d21d85eedd44 2076 xpdf_3.02-2ubuntu1.1.dsc
 5dfe873a44f6152f8cba13832cbcce77bfc35cbc 59861 
xpdf_3.02-2ubuntu1.1.debian.tar.gz
Checksums-Sha256: 
 2b0509ad1ee4e67d560468f24aa7bce802ad2de24bc72c8fe247eee0aa9ff8b4 2076 
xpdf_3.02-2ubuntu1.1.dsc
 6162b2b0b905c2cdffd0f7cdbe202d818d84d435c39a15329b9c53ddad6305bd 59861 
xpdf_3.02-2ubuntu1.1.debian.tar.gz
Files: 
 6e0ba37a8b31fde9b8eda5281e331c5d 2076 text optional xpdf_3.02-2ubuntu1.1.dsc
 9629b96bed87639ab211b12a92105702 59861 text optional 
xpdf_3.02-2ubuntu1.1.debian.tar.gz
Original-Maintainer: Michael Gilbert <michael.s.gilb...@gmail.com>

-- 
Lucid-changes mailing list
Lucid-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/lucid-changes

Reply via email to