[sflack-security] poppler (SFSA:2007-222-02)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


[sflack-security] poppler (SFSA:2007-222-02)

A new poppler package is available for Sflack 12.0 to fix an
integer overflow.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387

Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
patches/packages/poppler-0.5.4-x86_64-2_sflack12.0.tgz:
Patched to fix an integer overflow in code borrowed from xpdf.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
(* Security fix *)
+--------------------------+


Where to find the new package:
+----------------------------+

Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)

Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/poppler-0.5.4-x86_64-2_sflack12.0.tgz


MD5 signature:
+------------+

Sflack 12.0 package:
e75f38793ee35bdbcad12eac5ff3c452 poppler-0.5.4-x86_64-2_sflack12.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg poppler-0.5.4-x86_64-2_sflack12.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGvYY6w79R6/xskD8RAoxaAJ0Xi+nGam5BxaHr3cbheDnz+MDAQgCg0CB3
o0Gt56oPhIxW+/U0EZ7VWhw=
=RMza
-----END PGP SIGNATURE-----