Bug 646460

Summary: Fix required for CVE-2010-3704, poppler, xpdf
Product: [openSUSE] openSUSE 11.2 Reporter: Forgotten User puKLX2-vO_ <forgotten_puKLX2-vO_>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED DUPLICATE QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P5 - None CC: jsmeix
Version: Final   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE 11.2   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Forgotten User puKLX2-vO_ 2010-10-14 08:27:27 UTC 
User-Agent:       Mozilla/5.0 (compatible; Konqueror/4.5; Linux) KHTML/4.5.2 (like Gecko) SUSE

See

CVE-2010-3702
CVE-2010-3704

There are a fixes available for xpdf and the package poppler.

The other distributions already seem to have updates available. Just checked the poppler sources from the update repos (e.g. fofi/FoFiType1.cc). Here the bug's still open.


Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Comment 1 Johannes Meixner 2010-10-14 16:24:28 UTC 
FYI:
CUPS in openSUSE Factory 11.3 11.2, 11.1, and 11.0
cannot be directly affected by whatever xpdf/poppler issue
because /usr/lib/cups/filter/pdftops in CUPS cannot be affected
because it only acts as a wrapper/caller for /usr/bin/pdftops
which comes from xpdf/xpdf-tools or poppler.
Comment 2 Marcus Meissner 2010-10-15 13:11:40 UTC 
we are working on updates currently. t hanks for the heads up.

*** This bug has been marked as a duplicate of bug 642785 ***