~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2007-11-07
PublicDate: 2007-11-07
Candidate: CVE-2007-4352
References: 
 RHSA-2007:1026-01 (poppler)
 RHSA-2007:1027-02 (tetex-base)
 RHSA-2007:1029-01 (xpdf)
 RHSA-2007:1025-01 (gpdf)
 http://www.ubuntu.com/usn/usn-542-1
 http://www.ubuntu.com/usn/usn-542-2
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
Description:
 Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf
 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF
 file, resulting in a heap-based buffer overflow.
Ubuntu-Description: 
Notes: 
 jdstrand> cupsys on Ubuntu is not directly affected as it depends on
   poppler-utils or xpdf-utils.  poppler-utils is in main and gets pulled in on 
   installation of cupsys.
 jdstrand> koffice fixed in debian 1:1.6.3-4
 fujitsu> ipe doesn't contain the vulnerable code.
Bugs: 
Priority: medium
Assigned-to: jdstrand

Patches_xpdf:
 patch: https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/129940
 debdiff: https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/160944
upstream_xpdf: released (3.02pl2)
dapper_xpdf: ignored (reached end-of-life)
edgy_xpdf: needed (reached end-of-life)
feisty_xpdf: needed (reached end-of-life)
gutsy_xpdf: released (3.02-1.2ubuntu1.1)
hardy_xpdf: not-affected (3.02-1.3ubuntu1)
intrepid_xpdf: not-affected (3.02-1.3ubuntu1)
jaunty_xpdf: not-affected (3.02-1.3ubuntu1)
karmic_xpdf: not-affected (3.02-1.3ubuntu1)
devel_xpdf: not-affected (3.02-1.3ubuntu1)

upstream_koffice: needed
dapper_koffice: released (1:1.5.0-0ubuntu9.3)
edgy_koffice: released (1:1.5.2-0ubuntu2.3)
feisty_koffice: released (1:1.6.2-0ubuntu1.2)
gutsy_koffice: released (1:1.6.3-0ubuntu5.1)
hardy_koffice: released (1:1.6.3-4)
intrepid_koffice: released (1:1.6.3-4)
jaunty_koffice: released (1:1.6.3-4)
karmic_koffice: released (1:1.6.3-4)
devel_koffice: released (1:1.6.3-4)

upstream_poppler: released (0.6.2)
dapper_poppler: released (0.5.1-0ubuntu7.3)
edgy_poppler: released (0.5.4-0ubuntu4.3)
feisty_poppler: released (0.5.4-0ubuntu8.2)
gutsy_poppler: released (0.6-0ubuntu2.1)
hardy_poppler: released (0.6.2-1)
intrepid_poppler: released (0.6.2-1)
jaunty_poppler: released (0.6.2-1)
karmic_poppler: released (0.6.2-1)
devel_poppler: released (0.6.2-1)

upstream_tetex-bin: 
dapper_tetex-bin: not-affected (linked to poppler)
edgy_tetex-bin: not-affected (linked to poppler)
feisty_tetex-bin: not-affected (linked to poppler)
gutsy_tetex-bin: DNE
hardy_tetex-bin: DNE
intrepid_tetex-bin: DNE
jaunty_tetex-bin: DNE
karmic_tetex-bin: DNE
devel_tetex-bin: DNE

upstream_texlive-bin: 
dapper_texlive-bin: DNE
edgy_texlive-bin: not-affected (linked to poppler)
feisty_texlive-bin: not-affected (linked to poppler)
gutsy_texlive-bin: not-affected (linked to poppler)
hardy_texlive-bin: not-affected (linked to poppler)
intrepid_texlive-bin: not-affected (linked to poppler)
jaunty_texlive-bin: not-affected (linked to poppler)
karmic_texlive-bin: not-affected (linked to poppler)
devel_texlive-bin: not-affected (linked to poppler)

upstream_kdegraphics: 
dapper_kdegraphics: not-affected (linked to poppler)
edgy_kdegraphics: not-affected (linked to poppler)
feisty_kdegraphics: not-affected (linked to poppler)
gutsy_kdegraphics: not-affected (linked to poppler)
hardy_kdegraphics: not-affected (linked to poppler)
intrepid_kdegraphics: not-affected (linked to poppler)
jaunty_kdegraphics: not-affected (linked to poppler)
karmic_kdegraphics: not-affected (linked to poppler)
devel_kdegraphics: not-affected (linked to poppler)

upstream_gpdf: 
dapper_gpdf: ignored (reached end-of-life)
edgy_gpdf: needed (reached end-of-life)
feisty_gpdf: DNE
gutsy_gpdf: DNE
hardy_gpdf: DNE
intrepid_gpdf: DNE
jaunty_gpdf: DNE
karmic_gpdf: DNE
devel_gpdf: DNE

upstream_pdftohtml: 
dapper_pdftohtml: ignored (reached end-of-life)
edgy_pdftohtml: needed (reached end-of-life)
feisty_pdftohtml: needed (reached end-of-life)
gutsy_pdftohtml: DNE
hardy_pdftohtml: DNE
intrepid_pdftohtml: DNE
jaunty_pdftohtml: DNE
karmic_pdftohtml: DNE
devel_pdftohtml: DNE

upstream_libextractor: 
dapper_libextractor: released (0.5.12-1)
edgy_libextractor: released (0.5.12-1)
feisty_libextractor: released (0.5.12-1)
gutsy_libextractor: released (0.5.12-1)
hardy_libextractor: released (0.5.12-1)
intrepid_libextractor: released (0.5.12-1)
jaunty_libextractor: released (0.5.12-1)
karmic_libextractor: released (0.5.12-1)
devel_libextractor: released (0.5.12-1)

upstream_pdfkit.framework: 
dapper_pdfkit.framework: ignored (reached end-of-life)
edgy_pdfkit.framework: needed (reached end-of-life)
feisty_pdfkit.framework: needed (reached end-of-life)
gutsy_pdfkit.framework: DNE
hardy_pdfkit.framework: DNE
intrepid_pdfkit.framework: DNE
jaunty_pdfkit.framework: DNE
karmic_pdfkit.framework: DNE
devel_pdfkit.framework: DNE

upstream_ipe: not-affected
dapper_ipe: not-affected
edgy_ipe: not-affected
feisty_ipe: not-affected
gutsy_ipe: not-affected
hardy_ipe: not-affected
intrepid_ipe: not-affected
jaunty_ipe: not-affected
karmic_ipe: not-affected
devel_ipe: not-affected

upstream_cupsys: 
dapper_cupsys: not-affected
edgy_cupsys: not-affected
feisty_cupsys: not-affected
gutsy_cupsys: not-affected
hardy_cupsys: not-affected
intrepid_cupsys: DNE
jaunty_cupsys: DNE
karmic_cupsys: DNE
devel_cupsys: DNE

upstream_cups: 
dapper_cups: DNE
edgy_cups: DNE
feisty_cups: DNE
gutsy_cups: DNE
hardy_cups: DNE
intrepid_cups: not-affected
jaunty_cups: not-affected
karmic_cups: not-affected
devel_cups: not-affected