diff options
| author |   Andrew Savchenko <bircoph@gentoo.org> | 2019-03-21 13:55:44 +0300 |
|---|---|---|
| committer | Andrew Savchenko <bircoph@gentoo.org> | 2019-03-21 14:00:31 +0300 |
| commit | 6b695c59184713a18e2a7809f40088eff130afb6 (patch) | |
| tree | f734a1947b6e746773993f9a7a52ea50e902f825 /app-text/xpdf/Manifest | |
| parent | kde-apps/kross-interpreters: Sort out USE_RUBY (diff) | |
| download | gentoo-6b695c59184713a18e2a7809f40088eff130afb6.tar.gz gentoo-6b695c59184713a18e2a7809f40088eff130afb6.tar.bz2 gentoo-6b695c59184713a18e2a7809f40088eff130afb6.zip | |
app-text/xpdf: security version bump
xpdf-4.01.01 fixes several vulnerabilities and problems reported by
Loginsoft, including CVE-2019-9589.
CVE-2019-9588 and CVE-2019-9587 are probably fixed as well, but it
is not clear from ChangeLog:
The PDFDoc(BaseStream) initializer wasn't working correctly.
Fixed a missing array bounds check in PSOutputDev. [Thanks to
Loginsoft for the bug report.]
^-- CVE-2019-9589
If the "U" string used for RC4 decryption is short, Adobe apparently
zero-pads it, so Xpdf now does the same.
^-- Maybe CVE-2019-9588
Pdffonts now checks more carefully for loops between objects.
^-- Looks like CVE-2019-9587
Fixed a problem parsing large real numbers. [Thanks to Loginsoft for
the bug report.]
Bug: https://bugs.gentoo.org/681112
Bug: https://bugs.gentoo.org/681140
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Andrew Savchenko <bircoph@gentoo.org>
Diffstat (limited to 'app-text/xpdf/Manifest')
| -rw-r--r-- | app-text/xpdf/Manifest | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app-text/xpdf/Manifest b/app-text/xpdf/Manifest index 997f9a14c515..26970c5f24ce 100644 --- a/app-text/xpdf/Manifest +++ b/app-text/xpdf/Manifest @@ -1,3 +1,4 @@ +DIST xpdf-4.01.01.tar.gz 891962 BLAKE2B 500cec4091f1ea4fda2008febcfbbe758663d26a1a2a9842abd8630c41a29f6f9fa9839a4b286a2d42e8d686d33084335ad7aa5775c1142cc196b38ef70914d6 SHA512 e0b42195ba4858ecf2ec3c3c06a42eae742eb8567dca695a45a01185b606b399b5e45d220b24ed39782d1f9b1ee16f674129db3346d25b709bbb3f90ef078c22 DIST xpdf-4.01.tar.gz 891150 BLAKE2B 6280bf9d4c17894a22e63d3fdbe3c67679657121196f84964c1353cb2f09348c38de327f7a6259831afb2ff748340c94196eec11b24a442c6e76dbc170d62ac7 SHA512 327d8bcf1f30a0fdbbdc33e2262d4e7de44f28a0f42cc87bbee6b2a8059d8cca8ffa715f7e810f9b53deb690bf9744ae5e8cf86a101941b8103100ded89e36e6 DIST xpdf-arabic.tar.gz 1057 BLAKE2B 5889fa5704a805b152886043ee32082d5e60044fb96f91d429661f823d1ea9c929dcae22460421a7c26a7aae43d5926263fa2a1ea4c07e0e130e67f2fb0b6fab SHA512 1ddaee045c0c3576bda0ebf065021e66e1ac6673d6872aff8e8afb3bae33dd927d920d89761553bade040d20e4b60eb286131bdb2f2d75ec1e833b9a9ce58d3e DIST xpdf-chinese-simplified.tar.gz 918277 BLAKE2B ad41cc6ceae8d5295e49e6cb6356885a77dd314fd55cae95f4adf7ca597c7d86c0029b2767b1ecae86883d31cf9acc5d67997e1ab7871f10d2b6550734bb3b34 SHA512 1f016ff06301cf445546b380fe4cf0c1c9ef08b5e37bd392ca975b4a54fa43afbe251c31e14f216c68fb38dcf04f40ab5baf828586734efb7881a755f92cc49e |