This is the mail archive of the cygwin-apps mailing list for the Cygwin project.
Re: Security advisory: xpdf (CVE-2005-3624/25/26/27)
- From: "Dr. Volker Zell" <Dr dot Volker dot Zell at oracle dot com>
- To: cygwin-apps at cygwin dot com
- Date: Tue, 14 Feb 2006 10:30:18 +0100
- Subject: Re: Security advisory: xpdf (CVE-2005-3624/25/26/27)
- References: <43DED3A5.4050009@users.sourceforge.net> <43F144A1.8060509@users.sourceforge.net>
>>>>> Yaakov S writes:
> Yaakov S (Cygwin Ports) wrote:
>> Xpdf is vulnerable to integer overflows that may be exploited to
>> execute arbitrary code.
>> Solution: apply this patch to xpdf-3.01:
>> http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/app-text/xpdf/files/xpdf-3.01-sec-rollup.patch
>> More information:
>> http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
> Now, in addition to the above, there's another heap overflow
> vulnerability. Isn't maintaining xpdf a lot of fun? :-)
I'll try packaging a new version this evening.
> Yaakov
Ciao
Volker