Date: Tue, 16 Nov 2004 23:44:50 +0100
From: Hilko Meyer <hilko.meyer@gmx.de>
To: josef@FreeBSD.org
Cc: security@FreeBSD.org
Subject: Re: Problem with cups/xpdf
Message-ID: <8uvkp0t1u3h86hl2hjniukcl0b6rvf0ki0@4ax.com>

Josef El-Rayes wrote:
>Josef El-Rayes <josef at freebsd.org>:
>> Michael Nottebrock <michaelnottebrock at gmx.net>:
>> > > I am trying to upgrade my cups-port with an up-to-date ports-tree. It fails
>> > > because of the xpdf-vulnerability. But my xpdf-port is the most recent one
>> > > and I think that the vulnerability was handled in this version (if I can
>> > > believe the cvs-comment).
>> > >
>> > > ===> cups-base-1.1.22.0 has known vulnerabilities:
>> > > >> xpdf -- integer overflow vulnerabilities.
>> > >
>> > > Reference:
>> > > <http://www.FreeBSD.org/ports/portaudit/ad2f3337-26bf-11d9-9289-000c41e2cdad.html>
>> >
>> > The vuxml entry is wrong, vid ad2f3337-26bf-11d9-9289-000c41e2cdad has
>> > <range><ge>0</ge></range> but needs <range><lt>1.1.21</lt></range>.
>> >
>>
>> Yes, you are absolutely right, I will correct the wrong range(s).
>
>Okay I was a bit too fast, where did you find that the cups people fixed
>this issue in their new release?

Look at http://www.cups.org/relnotes.php
I think that's this one:

| Changes in CUPS v1.1.22rc2:
| The pdftops filter didn't check the range of all integer attributes (STR #972)

STR #972 links to http://www.cups.org/str.php?L972

| Michael Sweet
| 14:10 Oct 20, 2004  The Xpdf-based pdftops filter has a range checking bug which could cause buffer overflows and/or denial-of-service problems.

Hilko
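
Added example, not part of the original message and not portaudit's own code: it evaluates the two `<range>` forms quoted in the thread against a few CUPS version strings, showing why `<ge>0</ge>` flags `1.1.22.0`. The `<ranges>`/`<entry>` wrapper, the function names and the dotted-numeric version comparison are assumptions made for illustration; real ports version comparison handles more cases.

```python
import xml.etree.ElementTree as ET

# Constructed fragment: only the two <range> forms quoted in the thread,
# wrapped in hypothetical <ranges>/<entry> elements so both can be parsed.
SAMPLE = """
<ranges>
  <entry label="as published"><range><ge>0</ge></range></entry>
  <entry label="as proposed"><range><lt>1.1.21</lt></range></entry>
</ranges>
"""

def vkey(version):
    """Simplified key (assumption): dotted numeric components only.
    Revisions, epochs and letter suffixes are not handled here."""
    return tuple(int(p) for p in version.split("."))

def compare(a, b):
    """Return -1, 0 or 1; missing trailing components count as 0."""
    ka, kb = vkey(a), vkey(b)
    n = max(len(ka), len(kb))
    ka += (0,) * (n - len(ka))
    kb += (0,) * (n - len(kb))
    return (ka > kb) - (ka < kb)

# Bound element name -> predicate on compare(installed, bound).
OPS = {
    "lt": lambda c: c < 0, "le": lambda c: c <= 0,
    "eq": lambda c: c == 0,
    "ge": lambda c: c >= 0, "gt": lambda c: c > 0,
}

def in_range(range_elem, version):
    """A version matches when every bound inside <range> holds."""
    return all(OPS[b.tag](compare(version, b.text)) for b in range_elem)

def affected(sample, version):
    """Map each entry label to whether `version` falls in its range."""
    root = ET.fromstring(sample)
    return {e.get("label"): in_range(e.find("range"), version) for e in root}

if __name__ == "__main__":
    for v in ("1.1.20", "1.1.21", "1.1.22.0"):
        print(v, affected(SAMPLE, v))
```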