Date: Wed, 17 Nov 2004 17:28:18 +0100 From: Michael Nottebrock <michaelnottebrock@gmx.net> To: Josef El-Rayes <josef@freebsd.org> Cc: security@freebsd.org Subject: Re: Problem with cups/xpdf Message-ID: <200411171728.22631.michaelnottebrock@gmx.net> In-Reply-To: <20041116191859.GB29946@daemon.li> References: <BDBFC2F5.1063A%tomonage2@gmx.de> <20041116190015.GA29946@daemon.li> <20041116191859.GB29946@daemon.li>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart2525145.zKnEG8gi9i Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday, 16. November 2004 20:18, Josef El-Rayes wrote: > Josef El-Rayes <josef@freebsd.org>: > > Michael Nottebrock <michaelnottebrock@gmx.net>: > > > > I am trying to upgrade my cups-port with an up-to-date ports-tree. = It > > > > fails because of the xpdf-vulnurability. But my xpdf-port is the mo= st > > > > recent one and I think that the vulnurability was handelt in this > > > > version (if I can believ the cvs-comment). > > > > > > > > =3D=3D=3D> cups-base-1.1.22.0 has known vulnerabilities: > > > > >> xpdf -- integer overflow vulnerabilities. > > > > > > > > Reference: > > > > <http://www.FreeBSD.org/ports/portaudit/ad2f3337-26bf-11d9-9289-000= c4 > > > >1e2cda d .html> > > > > > > The vuxml entry is wrong, vid ad2f3337-26bf-11d9-9289-000c41e2cdad has > > > <range><ge>0</ge></range> but needs <range><lt>1.1.21</lt></range>. > > > > Yes, you are absolutely right, I will correct the wrong range(s). > > Okay I was a bit too fast, where did you find that the cups people fixed > this issue in their new release? http://www.cups.org/relnotes.php Changes in CUPS v1.1.22rc2: The pdftops filter didn't check the range of all integer attributes (STR #9= 72)=20 [...] =2E.. typo of mine there, it needs to be <lt>1.1.22</lt> =2D-=20 ,_, | Michael Nottebrock | lofi@freebsd.org (/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org \u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org --nextPart2525145.zKnEG8gi9i Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBm3wmXhc68WspdLARAsyhAKCSgpUWXKITBeJSL4tOxLhQ41g71ACgm49M zcy4yV6eV4igNkt9loVZtRk= =JWlJ -----END PGP SIGNATURE----- --nextPart2525145.zKnEG8gi9i--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200411171728.22631.michaelnottebrock>