Bug 133838 - update port graphics/poppler (vulnerability fix)
Summary: update port graphics/poppler (vulnerability fix)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-gnome (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-04-18 18:00 UTC by mark
Modified: 2009-04-18 19:40 UTC (History)
0 users

See Also:

Attachments
poppler.patch (926 bytes, patch)
2009-04-18 18:00 UTC, mark 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description mark 2009-04-18 18:00:01 UTC 
Update to 0.10.6 to fix vulnerability	

security/vuxml entry also listed below

Fix: <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
   <vuln vid="50d233d9-374b-46ce-922d-4e6b3f777bef">
     <topic>poppler -- Poppler Multiple Vulnerabilities</topic>
     <affects>
       <package>
         <name>poppler</name>
         <range><lt>0.10.6</lt></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
         <p>Secunia reports:</p>
         <blockquote cite=" http://secunia.com/advisories/34746/">
           <p>Some vulnerabilities have been reported in Poppler which can be
exploited by malicious people to potentially compromise an
application using the library.</p>
         </blockquote>
       </body>
     </description>
     <references>
      <url> http://secunia.com/advisories/34746/</url>
     </references>
     <dates>
       <discovery>2009-04-17</discovery>
       <entry>2009-04-18</entry>
     </dates>
   </vuln>
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2009-04-18 18:00:14 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->gnome

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer freebsd_triage 2009-04-18 19:22:52 UTC 
marcus      2009-04-18 18:20:07 UTC

  FreeBSD ports repository

  Modified files:
    graphics/poppler     Makefile distinfo 
    graphics/poppler-qt4 Makefile 
  Log:
  Update to 0.10.6 to fix a set of vulnerabilities documented in
  http://secunia.com/advisories/34746/ .
  
  "Some vulnerabilities have been reported in Poppler which can be
  exploited by malicious people to potentially compromise an
  application using the library."
  
  PR:             133838
  Submitted by:   Mark Foster <mark@foster.cc>
  Approved by:    portmgr (implicit)
  
  Revision  Changes    Path
  1.11      +1 -1      ports/graphics/poppler-qt4/Makefile
  1.50      +1 -1      ports/graphics/poppler/Makefile
  1.27      +3 -3      ports/graphics/poppler/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Joe Marcus Clarke freebsd_committer freebsd_triage 2009-04-18 19:26:42 UTC 
State Changed
From-To: open->closed

Committed, thanks!
Comment 4 dfilter service freebsd_committer freebsd_triage 2009-04-18 19:34:29 UTC 
marcus      2009-04-18 18:26:26 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  Document the recent poppler vulnerabilities fixed in 0.10.6.
  
  PR:             133838
  Submitted by:   Mark Foster <mark@foster.cc>
  Approved by:    portmgr (implicit)
  
  Revision  Changes    Path
  1.1916    +27 -1     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"