Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 18 Apr 2009 09:27:13 -0700 (PDT)
From:      Mark Foster <mark@foster.cc>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/133838: update port graphics/poppler (vulnerability fix)
Message-ID:  <20090418162713.B51A6B9E2@frau.foster.cc>
Resent-Message-ID: <200904181700.n3IH02sb037322@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         133838
>Category:       ports
>Synopsis:       update port graphics/poppler (vulnerability fix)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Apr 18 17:00:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Mark Foster
>Release:        FreeBSD 7.1-RELEASE-p3 i386
>Organization:
Credentia http://www.credentia.cc/
>Environment:
System: FreeBSD frau.foster.cc 7.1-RELEASE-p3 FreeBSD 7.1-RELEASE-p3 #6: Tue Feb 17 02:58:51 PST 2009 root@frau.foster.cc:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
Update to 0.10.6 to fix vulnerability	

security/vuxml entry also listed below

>How-To-Repeat:
	
>Fix:

	
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
   <vuln vid="50d233d9-374b-46ce-922d-4e6b3f777bef">
     <topic>poppler -- Poppler Multiple Vulnerabilities</topic>
     <affects>
       <package>
         <name>poppler</name>
         <range><lt>0.10.6</lt></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
         <p>Secunia reports:</p>
         <blockquote cite=" http://secunia.com/advisories/34746/">;
           <p>Some vulnerabilities have been reported in Poppler which can be
exploited by malicious people to potentially compromise an
application using the library.</p>
         </blockquote>
       </body>
     </description>
     <references>
      <url> http://secunia.com/advisories/34746/</url>;
     </references>
     <dates>
       <discovery>2009-04-17</discovery>
       <entry>2009-04-18</entry>
     </dates>
   </vuln>


--- poppler.patch begins here ---
diff -ur poppler-old/Makefile poppler/Makefile
--- poppler-old/Makefile	2009-04-18 08:02:48.000000000 -0700
+++ poppler/Makefile	2009-04-18 08:53:45.000000000 -0700
@@ -7,7 +7,7 @@
 #
 
 PORTNAME=	poppler
-PORTVERSION=	0.10.5
+PORTVERSION=	0.10.6
 PORTREVISION?=	0
 CATEGORIES=	graphics print
 MASTER_SITES=	http://poppler.freedesktop.org/
diff -ur poppler-old/distinfo poppler/distinfo
--- poppler-old/distinfo	2009-04-18 08:02:48.000000000 -0700
+++ poppler/distinfo	2009-04-18 08:53:48.000000000 -0700
@@ -1,3 +1,3 @@
-MD5 (poppler-0.10.5.tar.gz) = 125f671a19707861132fb03e73b61184
-SHA256 (poppler-0.10.5.tar.gz) = cfd4115f787cac7f0f673be48e95c645a323dc5b6b756280e47e28faa5d98d92
-SIZE (poppler-0.10.5.tar.gz) = 1516687
+MD5 (poppler-0.10.6.tar.gz) = e1a2d98ba5a4199f20d7637a7d79a829
+SHA256 (poppler-0.10.6.tar.gz) = bcd78d674c4166af069afdb27af810c012e13cfd2b7b21f9dce63dd3f62bded1
+SIZE (poppler-0.10.6.tar.gz) = 1527715
--- poppler.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090418162713.B51A6B9E2>