Red Hat Bugzilla – Bug 145053
CAN-2005-0064 xpdf buffer overflow
Last modified: 2007-11-30 17:07:15 EST
*** This bug has been split off bug 145049 ***
------- Original comment by Josh Bressers (Security Response Team) on 2005.01.13
iDEFENSE has reported a stack based buffer overflow in xpdf.
The patch is here:
The iDEFENSE advisory is attachment 109745 [details]
We're going to need some new packages rolled for RHSA-2005:027 to fix this new
issue. Please respect the embargo when working with CVS.
The patch URL does not yet work. We don't have a patch from upstream yet. I'll
update the bugs as soon as I know.
Now public, see URL for patch, removing embargo
Marco, you want to take this one? If not I'll do it.
Dan, I'm working on it. I built the package and I'm finishing to file the
errata. I'm a bit slow because it's my first errata... hopefully I'm doing
things right ;)
I *think* everything is done here. Please let me know if there are problems,
it's my first errata, I tried to be careful but... it's not the simpler process
in the world ;)
The things look fine, thanks. I'm moving the bug to modified.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.