xpdf: integer overflow and null ptr dereference vulnerabilities

Related Vulnerabilities: CVE-2009-1188, CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609

Debian Bug report logs - #551287

Package: xpdf; Maintainer for xpdf is Debian QA Group <packages@qa.debian.org>; Source for xpdf is src:xpdf.

Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Fri, 16 Oct 2009 21:42:02 UTC

Severity: grave

Tags: security

Merged with 551676

Found in version 3.01-9.1

Fixed in versions xpdf/3.02-2, xpdf/3.02-1.4+lenny2

Done: Luciano Bello <luciano@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Hamish Moffatt <hamish@debian.org>:
Bug#551287; Package xpdf. (Fri, 16 Oct 2009 21:42:05 GMT).


Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Hamish Moffatt <hamish@debian.org>. (Fri, 16 Oct 2009 21:42:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: xpdf: integer overflow and null ptr dereference vulnerabilities
Date: Fri, 16 Oct 2009 17:40:54 -0400
package: xpdf
version: 3.01-9.1
severity: serious
tags: security

hi,

it has been disclosed that xpdf is vulnerable to multiple new
vulnerabilities [0].  these issues are also applicable to xpdf in both
stable and oldstable, so please coordinate with the security team to
release patched versions.  thanks.

mike

[0] http://seclists.org/fulldisclosure/2009/Oct/227




Severity set to 'grave' from 'serious'. Request was from Luca Capello <luca@pca.it> to control@bugs.debian.org. (Tue, 19 Jan 2010 22:39:10 GMT).


Forcibly Merged 551287 551676. Request was from Luca Capello <luca@pca.it> to control@bugs.debian.org. (Tue, 19 Jan 2010 23:03:06 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Hamish Moffatt <hamish@debian.org>:
Bug#551287; Package xpdf. (Sun, 07 Feb 2010 02:21:05 GMT).


Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Hamish Moffatt <hamish@debian.org>. (Sun, 07 Feb 2010 02:21:05 GMT).


Message #14 received at 551287@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 551287@bugs.debian.org, 527840@bugs.debian.org
Subject: re: xpdf: integer overflow and null ptr dereference vulnerabilities
Date: Sat, 6 Feb 2010 21:18:00 -0500
hi,

i've built packages that address the open xpdf issues [0].  the planned
nmu for unstable is attached.

i can assist with xpdf security updates in the future.

mike

[0] http://alioth.debian.org/~gilbert-guest/xpdf/
[xpdf-sid.debdiff (application/octet-stream, attachment)]

Reply sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
You have taken responsibility. (Sun, 04 Apr 2010 09:33:32 GMT).


Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sun, 04 Apr 2010 09:33:32 GMT).


Message #19 received at 551287-close@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 551287-close@bugs.debian.org
Subject: Bug#551287: fixed in xpdf 3.02-2
Date: Sun, 04 Apr 2010 09:26:36 +0000
Source: xpdf
Source-Version: 3.02-2

We believe that the bug you reported is fixed in the latest version of
xpdf, which is due to be installed in the Debian FTP archive:

xpdf-common_3.02-2_all.deb
  to main/x/xpdf/xpdf-common_3.02-2_all.deb
xpdf-reader_3.02-2_amd64.deb
  to main/x/xpdf/xpdf-reader_3.02-2_amd64.deb
xpdf-utils_3.02-2_amd64.deb
  to main/x/xpdf/xpdf-utils_3.02-2_amd64.deb
xpdf_3.02-2.debian.tar.gz
  to main/x/xpdf/xpdf_3.02-2.debian.tar.gz
xpdf_3.02-2.dsc
  to main/x/xpdf/xpdf_3.02-2.dsc
xpdf_3.02-2_all.deb
  to main/x/xpdf/xpdf_3.02-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 551287@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <michael.s.gilbert@gmail.com> (supplier of updated xpdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 02 Apr 2010 17:40:49 -0400
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: source all amd64
Version: 3.02-2
Distribution: unstable
Urgency: high
Maintainer: Michael Gilbert <michael.s.gilbert@gmail.com>
Changed-By: Michael Gilbert <michael.s.gilbert@gmail.com>
Description: 
 xpdf       - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 408502 424178 424747 458763 495150 515495 527840 528807 535261 551287 558020 575779
Changes: 
 xpdf (3.02-2) unstable; urgency=high
 .
   [Michael Gilbert]
   * Fix multiple security issues (closes: #551287, #575779).
     - CVE-2009-1188: Integer overflow in the JBIG2 decoding feature in the
       SplashBitmap::SplashBitmap function in SplashBitmap.cc.
     - CVE-2009-3603: Additional integer overflows in the
       SplashBitmap::SplashBitmap function.
     - CVE-2009-3604: Null pointer dereference in the Splash::drawImage
       function in Splash.cc.
     - CVE-2009-3606: Integer overflow in the PSOutputDev::doImageL1Sep
       function in PSOutputDev.cc.
     - CVE-2009-3608: Integer overflow in the ObjectStream::ObjectStream
       function in XRef.cc.
     - CVE-2009-3609: Integer overflow in the ImageStream::ImageStream
       function in Stream.cc.
   * Bump standards version to 3.8.4 (no changes required).
   * Use ${misc:Depends}.
   * Adopt the package (closes: #535261, #527840).
 .
   [Rogério Brito]
   * debian/copyright:
     + include versioned link to the GPL.
   * debian/*
     + convert to source format "3.0 (quilt)".
   * debian/{control,compat}:
     + bump compat to 5.
   * debian/control:
     + remove dpatch build-dep and calls in debian/rules.
     + include Homepage field.
     + build-depend on unversioned automake.
     + build-depend on versioned lesstif.
     + wrap build-depends line to keep sanity.
     + change build-dependency on x-dev to x11proto-core-dev. (Closes: #515495).
     + remove debian revision from versioned build-deps.
     + update standards-version to 3.8.3, with no extra changes required.
   * debian/rules:
     + remove commented lines.
     + fix the includes for lesstif. (See below).
     + remove deprecated dh_desktop helper.
     + don't ignore errors when calling "make -i distclean".
     + separate configuration from package compilation to keep things tidy.
     + don't remove recursively things that are only files.
   * debian/patches:
     + rename 00list to series.
     + disable patches 40 and 41, lesstif is fixed. (Closes: #458763, #528807).
     + refresh enabled patches to avoid potential problems with buildds.
     + escape minus signs from manpages.
     + fix path to configuration files. Tks Andrew Price. (Closes: #424747).
     + flexibilize the print dialog. Tks Dmitry Oboukhov. (Closes: #408502).
     + implement "Fit to Height". Tks Josh Triplett. (Closes: #424178).
   * debian/xpdf-common.postint:
     + don't use command with path in maintainer script.
   * debian/watch:
     + create watch file.
   * debian/xpdf.desktop:
     + remove obsolete indication of encoding.
     + remove custom category "PDFViewer".
   * debian/xpdf-reader.menu:
     + update obsolete section Apps -> Applications.
   * debian/xpdf-reader.dirs:
     + remove empty dir usr/lib/menu. Tks Nelson Oliveira. (Closes: #495150).
   * avoid conflict with poppler-utils. Tks Luca Capello. (Closes: #558020).





Reply sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
You have taken responsibility. (Sun, 04 Apr 2010 09:33:33 GMT).


Notification sent to Paul Szabo <psz@maths.usyd.edu.au>:
Bug acknowledged by developer. (Sun, 04 Apr 2010 09:33:33 GMT).


Reply sent to Luciano Bello <luciano@debian.org>:
You have taken responsibility. (Sun, 18 Apr 2010 01:58:15 GMT).


Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sun, 18 Apr 2010 01:58:15 GMT).


Message #29 received at 551287-close@bugs.debian.org:

From: Luciano Bello <luciano@debian.org>
To: 551287-close@bugs.debian.org
Subject: Bug#551287: fixed in xpdf 3.02-1.4+lenny2
Date: Sun, 18 Apr 2010 01:55:04 +0000
Source: xpdf
Source-Version: 3.02-1.4+lenny2

We believe that the bug you reported is fixed in the latest version of
xpdf, which is due to be installed in the Debian FTP archive:

xpdf-common_3.02-1.4+lenny2_all.deb
  to main/x/xpdf/xpdf-common_3.02-1.4+lenny2_all.deb
xpdf-reader_3.02-1.4+lenny2_i386.deb
  to main/x/xpdf/xpdf-reader_3.02-1.4+lenny2_i386.deb
xpdf-utils_3.02-1.4+lenny2_i386.deb
  to main/x/xpdf/xpdf-utils_3.02-1.4+lenny2_i386.deb
xpdf_3.02-1.4+lenny2.diff.gz
  to main/x/xpdf/xpdf_3.02-1.4+lenny2.diff.gz
xpdf_3.02-1.4+lenny2.dsc
  to main/x/xpdf/xpdf_3.02-1.4+lenny2.dsc
xpdf_3.02-1.4+lenny2_all.deb
  to main/x/xpdf/xpdf_3.02-1.4+lenny2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 551287@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luciano Bello <luciano@debian.org> (supplier of updated xpdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Mon, 22 Mar 2010 17:07:50 -0300
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: source all i386
Version: 3.02-1.4+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Hamish Moffatt <hamish@debian.org>
Changed-By: Luciano Bello <luciano@debian.org>
Description: 
 xpdf       - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 551287
Changes: 
 xpdf (3.02-1.4+lenny2) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixes multiple security issues (Closes: #551287):
     - CVE-2009-1188 and CVE-2009-3603:
       Integer overflow in SplashBitmap::SplashBitmap which might allow remote
       attackers to execute arbitrary code or an application crash via a crafted
       PDF document.
     - CVE-2009-3604:
       NULL pointer dereference or heap-based buffer overflow in
       Splash::drawImage which might allow remote attackers to cause a denial of
       service (application crash) or possibly execute arbitrary code via a
       crafted PDF document.
     - CVE-2009-3606:
       Integer overflow in the PSOutputDev::doImageL1Sep which might allow
       remote attackers to execute arbitrary code via a crafted PDF document.
     - CVE-2009-3608:
       Integer overflow in the ObjectStream::ObjectStream which might allow
       remote attackers to execute arbitrary code via a crafted PDF document.
     - CVE-2009-3609:
       Integer overflow in the ImageStream::ImageStream which might allow
       remote attackers to cause a denial of service via a crafted PDF
       document.





Reply sent to Luciano Bello <luciano@debian.org>:
You have taken responsibility. (Sun, 18 Apr 2010 01:58:16 GMT).


Notification sent to Paul Szabo <psz@maths.usyd.edu.au>:
Bug acknowledged by developer. (Sun, 18 Apr 2010 01:58:16 GMT).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 16 May 2010 07:36:08 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:16:38 2019; Machine Name: buxtehude
