-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 22 Mar 2010 17:07:50 -0300 Source: xpdf Binary: xpdf xpdf-common xpdf-reader xpdf-utils Architecture: source all i386 Version: 3.02-1.4+lenny2 Distribution: stable-security Urgency: high Maintainer: Hamish Moffatt <hamish@debian.org> Changed-By: Luciano Bello <luciano@debian.org> Description: xpdf - Portable Document Format (PDF) suite xpdf-common - Portable Document Format (PDF) suite -- common files xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11 xpdf-utils - Portable Document Format (PDF) suite -- utilities Closes: 551287 Changes: xpdf (3.02-1.4+lenny2) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * Fixes multiple security issues (Closes: #551287): - CVE-2009-1188 and CVE-2009-3603: Integer overflow in SplashBitmap::SplashBitmap which might allow remote attackers to execute arbitrary code or an application crash via a crafted PDF document. - CVE-2009-3604: NULL pointer dereference or heap-based buffer overflow in Splash::drawImage which might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. - CVE-2009-3606: Integer overflow in the PSOutputDev::doImageL1Sep which might allow remote attackers to execute arbitrary code via a crafted PDF document. - CVE-2009-3608: Integer overflow in the ObjectStream::ObjectStream which might allow remote attackers to execute arbitrary code via a crafted PDF document. - CVE-2009-3609: Integer overflow in the ImageStream::ImageStream which might allow remote attackers to cause a denial of service via a crafted PDF document. Checksums-Sha1: 23f1907d3f4d2ca0dbecda240917c7243711bd11 1274 xpdf_3.02-1.4+lenny2.dsc d5968e5a0e8143bffafc42268303e90f7d7fed69 44597 xpdf_3.02-1.4+lenny2.diff.gz 412b9ac40836deab02e1de28a5601417bc0c7415 1270 xpdf_3.02-1.4+lenny2_all.deb 23ea3b75125c0885f774c22972f12b53137412eb 66414 xpdf-common_3.02-1.4+lenny2_all.deb 48de8a31c12d92c8e0ff4484a98895eac383b93d 876446 xpdf-reader_3.02-1.4+lenny2_i386.deb a220195f12ec2be7cc0cbafbbea6a1235f6f4700 1611516 xpdf-utils_3.02-1.4+lenny2_i386.deb Checksums-Sha256: ab9f38563ad8dd6d1c5a06cd7aeea07184eddc33be6a5ac26e9ea33253092add 1274 xpdf_3.02-1.4+lenny2.dsc 4f08f07b26625f3952583455bc7d286b14aa887e853c5273a6b712ddc3a0f929 44597 xpdf_3.02-1.4+lenny2.diff.gz e21ab043f15ce40b35d48ea8dd3152db735277b0c50953d6edefe35113c61a08 1270 xpdf_3.02-1.4+lenny2_all.deb 2b5b45ecacef62cdf7eb9f3bdcf3eae0c036b5fb8d9066b398a64e4f4a968e1b 66414 xpdf-common_3.02-1.4+lenny2_all.deb 532a0f4cf6622a7a19f3035ff609385663e39f8b134eb19cbe55ab4b3a94fa3c 876446 xpdf-reader_3.02-1.4+lenny2_i386.deb 33c01a2f9a31899330a4b3d2356f520dd97f692fa9085abce940aad6060f1c09 1611516 xpdf-utils_3.02-1.4+lenny2_i386.deb Files: 6cffe3ed50825b5a2746b71c4bd073ac 1274 text optional xpdf_3.02-1.4+lenny2.dsc d25be5fd97c9d9171db95025b7c32c5a 44597 text optional xpdf_3.02-1.4+lenny2.diff.gz 6a4da9738ca93522b57cafadb598ca65 1270 text optional xpdf_3.02-1.4+lenny2_all.deb 24f28ede9dcaeeb2b7aa24b9603496be 66414 text optional xpdf-common_3.02-1.4+lenny2_all.deb c6e9ebb6d5873552e886e33d92aa4f49 876446 text optional xpdf-reader_3.02-1.4+lenny2_i386.deb c73e47d9c96298940bd458c7e8879209 1611516 text optional xpdf-utils_3.02-1.4+lenny2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkuuXw0ACgkQQWTRs4lLtHnqPwCgrAN8UTzSMIsHZghcri/vMcvE CVYAoLigcS8qK2KiBK8mQW2tuB0GUhBt =PxvG -----END PGP SIGNATURE----- Accepted: xpdf-common_3.02-1.4+lenny2_all.deb to main/x/xpdf/xpdf-common_3.02-1.4+lenny2_all.deb xpdf-reader_3.02-1.4+lenny2_i386.deb to main/x/xpdf/xpdf-reader_3.02-1.4+lenny2_i386.deb xpdf-utils_3.02-1.4+lenny2_i386.deb to main/x/xpdf/xpdf-utils_3.02-1.4+lenny2_i386.deb xpdf_3.02-1.4+lenny2.diff.gz to main/x/xpdf/xpdf_3.02-1.4+lenny2.diff.gz xpdf_3.02-1.4+lenny2.dsc to main/x/xpdf/xpdf_3.02-1.4+lenny2.dsc xpdf_3.02-1.4+lenny2_all.deb to main/x/xpdf/xpdf_3.02-1.4+lenny2_all.deb