This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Security advisory: xpdf (CVE-2005-3624/25/26/27)


Yaakov S (Cygwin Ports) wrote:
Xpdf is vulnerable to integer overflows that may be exploited to execute arbitrary code.

Solution: apply this patch to xpdf-3.01:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/app-text/xpdf/files/xpdf-3.01-sec-rollup.patch



More information: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml

Now, in addition to the above, there's another heap overflow vulnerability. Isn't maintaining xpdf a lot of fun? :-)


Solution:  apply this patch (IN ADDITION to the others):
https://bugzilla.novell.com/attachment.cgi?id=66287

More information:
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml


Yaakov



Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]