Problem with cups/xpdf

Hilko Meyer hilko.meyer at gmx.de
Tue Nov 16 14:44:53 PST 2004


Josef El-Rayes wrote
>Josef El-Rayes <josef at freebsd.org>:
>> Michael Nottebrock <michaelnottebrock at gmx.net>:
>> > > I am trying to upgrade my cups-port with an up-to-date ports-tree. It fails
>> > > because of the xpdf-vulnerability. But my xpdf-port is the most recent one
>> > > and I think that the vulnerability was handled in this version (if I can
>> > > believe the cvs-comment).
>> > >
>> > > ===>  cups-base-1.1.22.0 has known vulnerabilities:
>> > > >> xpdf -- integer overflow vulnerabilities.
>> > >
>> > >    Reference:
>> > > <http://www.FreeBSD.org/ports/portaudit/ad2f3337-26bf-11d9-9289-000c41e2cdad.html>
>> > 
>> > The vuxml entry is wrong, vid ad2f3337-26bf-11d9-9289-000c41e2cdad has 
>> > <range><ge>0</ge></range> but needs <range><lt>1.1.21</lt></range>.
>> > 
>> 
>> Yes, you are absolutely right, I will correct the wrong range(s).
>
>Okay I was a bit too fast, where did you find that the cups people fixed
>this issue in their new release?

Look at http://www.cups.org/relnotes.php
I think that's this one:
| Changes in CUPS v1.1.22rc2:
| The pdftops filter didn't check the range of all integer attributes (STR #972)

STR #972 links to
http://www.cups.org/str.php?L972
| Michael Sweet
| 14:10 Oct 20, 2004	The Xpdf-based pdftops filter has a range checking bug which could cause buffer overflows and/or denial-of-service problems.

Hilko
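
The range mismatch discussed in the quoted thread, as an added example that is not part of the original message or of portaudit's code: it evaluates the two `<range>` fragments quoted above against the `1.1.22.0` version from the portaudit output. The helper names are hypothetical, and the version comparison assumes purely numeric dotted versions, which is a simplification of the real ports version ordering.

```python
import re
import xml.etree.ElementTree as ET

# Bound elements used inside a VuXML <range>; each maps to a test on the
# result of compare(installed, bound), which is -1, 0 or 1.
OPS = {
    "lt": lambda c: c < 0,
    "le": lambda c: c <= 0,
    "eq": lambda c: c == 0,
    "ge": lambda c: c >= 0,
    "gt": lambda c: c > 0,
}

def parse_version(text):
    """Split a numeric dotted version into a tuple of ints (assumed format)."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def compare(a, b):
    """Return -1, 0 or 1, padding the shorter version with zeros."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)

def range_matches(range_xml, version):
    """True if `version` satisfies every bound in one <range> element."""
    root = ET.fromstring(range_xml)
    if root.tag != "range" or len(root) == 0:
        raise ValueError("expected a non-empty <range> element")
    for bound in root:
        if bound.tag not in OPS:
            raise ValueError(f"unknown bound <{bound.tag}>")
        limit = (bound.text or "").strip()
        if not OPS[bound.tag](compare(version, limit)):
            return False
    return True

if __name__ == "__main__":
    installed = "1.1.22.0"  # from "cups-base-1.1.22.0" in the portaudit output
    for rng in ("<range><ge>0</ge></range>", "<range><lt>1.1.21</lt></range>"):
        verdict = "flagged" if range_matches(rng, installed) else "not flagged"
        print(f"{rng} -> {verdict}")
```

With `<ge>0</ge>` every installed version matches, which is why the current port is still reported; with an upper bound only older versions match.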

