From owner-freebsd-ports@FreeBSD.ORG Wed Nov 17 16:28:42 2004 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4EC6C16A4D2 for ; Wed, 17 Nov 2004 16:28:42 +0000 (GMT) Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id EEF9043D54 for ; Wed, 17 Nov 2004 16:28:37 +0000 (GMT) (envelope-from michaelnottebrock@gmx.net) Received: (qmail 3991 invoked by uid 65534); 17 Nov 2004 16:28:28 -0000 Received: from pD9E24473.dip.t-dialin.net (EHLO lofi.dyndns.org) (217.226.68.115) by mail.gmx.net (mp006) with SMTP; 17 Nov 2004 17:28:28 +0100 X-Authenticated: #443188 Received: from [192.168.8.4] (lofi@kiste.my.domain [192.168.8.4]) (authenticated bits=0) by lofi.dyndns.org (8.12.10/8.12.10) with ESMTP id iAHGSOGA001570 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Wed, 17 Nov 2004 17:28:26 +0100 (CET) (envelope-from michaelnottebrock@gmx.net) From: Michael Nottebrock To: Josef El-Rayes Date: Wed, 17 Nov 2004 17:28:18 +0100 User-Agent: KMail/1.7.1 References: <20041116190015.GA29946@daemon.li> <20041116191859.GB29946@daemon.li> In-Reply-To: <20041116191859.GB29946@daemon.li> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2525145.zKnEG8gi9i"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200411171728.22631.michaelnottebrock@gmx.net> X-Virus-Scanned: by amavisd-new cc: Jonathan Weiss cc: freebsd-ports@freebsd.org cc: security@freebsd.org Subject: Re: Problem with cups/xpdf X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Nov 2004 16:28:42 -0000 --nextPart2525145.zKnEG8gi9i Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday, 16. November 2004 20:18, Josef El-Rayes wrote: > Josef El-Rayes : > > Michael Nottebrock : > > > > I am trying to upgrade my cups-port with an up-to-date ports-tree. = It > > > > fails because of the xpdf-vulnurability. But my xpdf-port is the mo= st > > > > recent one and I think that the vulnurability was handelt in this > > > > version (if I can believ the cvs-comment). > > > > > > > > =3D=3D=3D> cups-base-1.1.22.0 has known vulnerabilities: > > > > >> xpdf -- integer overflow vulnerabilities. > > > > > > > > Reference: > > > > > > >1e2cda d .html> > > > > > > The vuxml entry is wrong, vid ad2f3337-26bf-11d9-9289-000c41e2cdad has > > > 0 but needs 1.1.21. > > > > Yes, you are absolutely right, I will correct the wrong range(s). > > Okay I was a bit too fast, where did you find that the cups people fixed > this issue in their new release? http://www.cups.org/relnotes.php Changes in CUPS v1.1.22rc2: The pdftops filter didn't check the range of all integer attributes (STR #9= 72)=20 [...] =2E.. typo of mine there, it needs to be 1.1.22 =2D-=20 ,_, | Michael Nottebrock | lofi@freebsd.org (/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org \u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org --nextPart2525145.zKnEG8gi9i Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBm3wmXhc68WspdLARAsyhAKCSgpUWXKITBeJSL4tOxLhQ41g71ACgm49M zcy4yV6eV4igNkt9loVZtRk= =JWlJ -----END PGP SIGNATURE----- --nextPart2525145.zKnEG8gi9i--