[UPDATED] Fedora Legacy Test Update Notification: gpdf

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Feb 23 00:07:28 UTC 2006 

Fedora Core 3 packages were updated to add a missing signature.

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-176751
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176751
2006-02-22
---------------------------------------------------------------------

Name        : gpdf
Versions    : fc1: gpdf-0.110-1.5.legacy
Versions    : fc2: gpdf-2.8.2-4.1.1.legacy
Versions    : fc3: gpdf-2.8.2-7.2.1.legacy
Summary     : viewer for Portable Document Format (PDF) files for GNOME
Description :
This is GPdf, a viewer for Portable Document Format (PDF) files for
GNOME. GPdf is based on the Xpdf program and uses additional GNOME
libraries for better desktop integration.

---------------------------------------------------------------------
Update Information:

An updated gpdf package that fixes several security issues is now
available.

The gpdf package is a GNOME based viewer for Portable Document Format
(PDF) files.

A flaw was discovered in gpdf. An attacker could construct a carefully
crafted PDF file that would cause gpdf to consume all available disk
space in /tmp when opened. The Common Vulnerabilities and Exposures
project assigned the name CVE-2005-2097 to this issue.

Several flaws were discovered in gpdf. An attacker could construct a
carefully crafted PDF file that could cause gpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the names CVE-2005-3191, CVE-2005-3192,
CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,
CVE-2005-3627 and CVE-2005-3628 to these issues.

Users of gpdf should upgrade to this updated package, which contains
backported patches to resolve these issues.

---------------------------------------------------------------------
Changelogs

fc1:
* Sat Feb 18 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.110-1.5.legacy
- Use better patch for CVE-2004-0888 (from RHEL3 xpdf)
- Add patch for CVE-2005-3193

fc2:
* Sat Feb 18 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.8.2-4.1.1.legacy
- Rebuilt as Fedora Legacy security update for Fedora Core 2
- Removed the desktop-file-utils dependencies

* Fri Jan 06 2006 Ray Strode <rstrode at redhat.com> 2.8.2-7.4
- Apply fix for CVE-2005-3624 (also covers CVE-2005-3193) (bug 176865)

* Wed Dec 14 2005 Ray Strode <rstrode at redhat.com> 2.8.2-7.3
- apply updated patch for CVE-2005-3193 (bug 175102)

fc3:
* Sat Feb 18 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.8.2-7.2.1.legacy
- Rebuilt as Fedora Legacy security update for Fedora Core 3

* Fri Jan 06 2006 Ray Strode <rstrode at redhat.com> 2.8.2-7.4
- Apply fix for CVE-2005-3624 (also covers CVE-2005-3193) (bug 176865)

* Wed Dec 14 2005 Ray Strode <rstrode at redhat.com> 2.8.2-7.3
- apply updated patch for CVE-2005-3193 (bug 175102)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc1:
646edd9bdaf07a2f74d0b9874a666f94dc4f7982
fedora/1/updates-testing/i386/gpdf-0.110-1.5.legacy.i386.rpm
23f1172453f4e6572bd5a5bebcf093fda9c9ef62
fedora/1/updates-testing/SRPMS/gpdf-0.110-1.5.legacy.src.rpm

fc2:
2798a8e5ba37214b4ad3d537aa38b65c62c9e7c7
fedora/2/updates-testing/i386/gpdf-2.8.2-4.1.1.legacy.i386.rpm
e6d36329145bd25d5646da0064124f4b3a3faf99
fedora/2/updates-testing/SRPMS/gpdf-2.8.2-4.1.1.legacy.src.rpm

fc3:
2a08ad7afb9cecc7e41d80603a536b191d85f776
fedora/3/updates-testing/i386/gpdf-2.8.2-7.2.1.legacy.i386.rpm
3d3ab23bea79b424aaac1c26e3c16a3dfbee7af0
fedora/3/updates-testing/SRPMS/gpdf-2.8.2-7.2.1.legacy.src.rpm
a434ff117af22aeacc3c76773fa6985be9c107c0
fedora/3/updates-testing/x86_64/gpdf-2.8.2-7.2.1.legacy.x86_64.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060222/6d14eaa8/attachment.sig>

More information about the fedora-legacy-list mailing list