[ubuntu/maverick-security] xpdf, xpdf (delayed) 3.02-9ubuntu1.1 (Accepted)

Fri Jan 21 20:03:30 UTC 2011

xpdf (3.02-9ubuntu1.1) maverick-security; urgency=low

  * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
    cause a denial of service (crash) via unknown vectors that trigger an
    uninitialized pointer dereference. (LP: #701220)
    - cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
    - CVE-2010-3702
  * SECURITY UPDATE: FoFiType1::parse function allows context-dependent
    attackers to cause a denial of service (crash) and possibly execute
    arbitrary code via a PDF file with a crafted Type1 font that contains a
    negative array index, which bypasses input validation and which triggers
    memory corruption. (LP: #701220)
    - cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
    - CVE-2010-3704

Date: Thu, 20 Jan 2011 17:05:14 -0500
Changed-By: Brian Thomason <brian.thomason at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/xpdf/3.02-9ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Thu, 20 Jan 2011 17:05:14 -0500
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: source
Version: 3.02-9ubuntu1.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Brian Thomason <brian.thomason at canonical.com>
Description: 
 xpdf       - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Launchpad-Bugs-Fixed: 701220
Changes: 
 xpdf (3.02-9ubuntu1.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
     cause a denial of service (crash) via unknown vectors that trigger an
     uninitialized pointer dereference. (LP: #701220)
     - cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
     - CVE-2010-3702
   * SECURITY UPDATE: FoFiType1::parse function allows context-dependent
     attackers to cause a denial of service (crash) and possibly execute
     arbitrary code via a PDF file with a crafted Type1 font that contains a
     negative array index, which bypasses input validation and which triggers
     memory corruption. (LP: #701220)
     - cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
     - CVE-2010-3704
Checksums-Sha1: 
 3949b7ff0c6f76d71a2f8d96e41cb7c7a88c6c98 2076 xpdf_3.02-9ubuntu1.1.dsc
 a8462976b747726822d4bfc47676df6ffe808df2 61952 xpdf_3.02-9ubuntu1.1.debian.tar.gz
Checksums-Sha256: 
 9368f496c7a80203b6584b08c9203466c8639244191442e0bcc46b982e4799bb 2076 xpdf_3.02-9ubuntu1.1.dsc
 d13aa9a1dac70c2df88873d9515aaab429244d95e497f86dd807726de98c7c12 61952 xpdf_3.02-9ubuntu1.1.debian.tar.gz
Files: 
 b71f8450847cee705ec56982ca91b387 2076 text optional xpdf_3.02-9ubuntu1.1.dsc
 951c126bf40c72c2b19e815436853510 61952 text optional xpdf_3.02-9ubuntu1.1.debian.tar.gz
Original-Maintainer: Michael Gilbert <michael.s.gilbert at gmail.com>