Bug 62624 (suse47624)

Summary: VUL-0: tetex uses xpdf code
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Marcus Meissner <meissner>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: burnus, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Thomas Biege 2004-10-26 19:44:31 UTC 
Hello Werner, 
looks like tetext uses xpdf code. 
(./tetex-src-2.0.2/libs/xpdf/xpdf/) 
 
bug# 43082 
bug# 44963 
bug# 47538
Comment 1 Thomas Biege 2004-10-26 19:44:31 UTC 
<!-- SBZ_reproduce  -->
Date: Tue, 26 Oct 2004 13:25:57 +0200 
From: Tobias Burnus <burnus@net-b.de> 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040906 
To: Thomas Biege <thomas@suse.de> 
Subject: Re: [suse-security-announce] SUSE Security Announcement: xpdf, gpdf, 
 kpdf, pdftohtml, cups  (SUSE-SA:2004:039) 
 
Hallo, 
 
Thomas Biege wrote: 
 
>        Package:                xpdf, gpdf, kdegraphics3-pdf, 
>pdftohtml, cups 
 
Was ist mit /usr/bin/pdftex (tetex-2.0.2-190)? 
  strings /usr/bin/pdftex |grep xpdf 
zeigt, daà es die xpdf-Bibliotheken gelinkt hat. 
 
Ich verwende es zum Beispiel als "pdfnup": 
  texexec --pdfcombine --combination=2*1 --result=result.pdf file.pdf 
 
GruÃ, 
 
Tobias
Comment 2 Dr. Werner Fink 2004-10-26 22:12:55 UTC 
*** Bug 62538 has been marked as a duplicate of this bug. ***
Comment 3 Dr. Werner Fink 2004-10-26 22:16:24 UTC 
I've put for 8.1, 8.2, 9.0, 9.1, and 9.2 the
fixed tetex package at /work/src/done/, also
the pachtinfo files for the boxes and the
SLES9 I've submitted.

Btw: What happens with SLES8?
Comment 4 Marcus Meissner 2004-10-26 22:20:23 UTC 
<!-- SBZ_reopen -->Reopened by meissner@suse.de at Tue Oct 26 16:20:23 2004, took initial reporter thomas@suse.de to cc
Comment 5 Marcus Meissner 2004-10-26 22:20:23 UTC 
sles8 does not include tetex. 
 
reopen for tracking
Comment 6 Marcus Meissner 2004-10-26 22:20:40 UTC 
-> thomas for tracking
Comment 7 Marcus Meissner 2004-10-27 19:11:47 UTC 
what about the te_pdf subpackage? it appears to link against the xpdf stuff 
too. apparently not listed in the patchinfos.
Comment 8 Marcus Meissner 2004-11-11 23:44:41 UTC 
werner, we need to redo the patches, there were more issues. 
 
see BUG#43082
Comment 9 Dr. Werner Fink 2004-11-11 23:50:15 UTC 
Then give me the patches for

        SuSE Linux 8.1
        SuSE Linux 8.2 - 9.2

or tell me _which_ attachment is required.
Comment 10 Dr. Werner Fink 2004-11-13 00:37:54 UTC 
Fixed for SuSE Linux 8.1 and SuSE Linux 8.2 - 9.2, also for STABLE
patchinfo's for boxes and products are submitted.
Comment 11 Marcus Meissner 2004-11-15 17:53:18 UTC 
<!-- SBZ_reopen -->Reopened by meissner@suse.de at Mon Nov 15 10:53:18 2004
Comment 12 Marcus Meissner 2004-11-15 17:53:18 UTC 
thanks werner! 
 
reopen for tracking
Comment 14 Thomas Biege 2004-11-19 23:01:29 UTC 
approved
Comment 15 Thomas Biege 2004-11-22 23:07:29 UTC 
now really ;)