Bug 24295

Summary: Multiple vulnerabilities: CVE-2010-3702, CVE-2010-3704
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: kdegraphicsAssignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: blocker    
Priority: P3 Keywords: security
Version: unstable   
Hardware: all   
OS: Linux   
URL: http://secunia.com/advisories/41596/

Description Vladimir Lettiev 2010-10-14 09:12:07 MSD
+++ Данная ошибка создана размножением ошибки 24286 +++

Affects kpdf:

1) An error in "Gfx::getPos()" can be exploited to dereference an uninitialised pointer.

2) An array indexing error exists when parsing Type1 fonts in "FoFiType1::parse()", which can be exploited to corrupt memory via a specially crafted PDF file.

https://rhn.redhat.com/errata/RHSA-2010-0753.html
Comment 1 Repository Robot 2010-10-15 21:23:36 MSD
kdegraphics-3.5.10-alt6 -> sisyphus:

* Thu Oct 14 2010 Sergey V Turchin <zerg@altlinux> 3.5.10-alt6
- CVE-2010-3702 CVE-2010-3704 (ALT#24295)