Fedora has issued an advisory on March 3: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ANYTDA3PR32QQA3JHE5YYLMWNX5KGPOS/ It's not clear whether only 4.00 is affected by the issues or if older versions are also affected. It would be nice to get it updated, regardless. I looked into updating to 4.00 before and it looks like it'd be a good bit of work to sync it up with Fedora. Hopefully someone is willing to do it, as it doesn't have a maintainer and I believe I was the last one to update it, which I don't have time to do this time around.
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
Status comment: (none) => Fixed upstream in 4.01
Hi, xpdf-4.01.01-1.mga7 should fix those issues. Best regards, Nico.
CC: (none) => nicolas.salguero
Thanks! Looking at the Debian Security Tracker, 3.04 might be affected too. They say their 3.02 package is built against the system poppler library, which would solve the issues (Ubuntu says Poppler isn't affected). We could do the same.
Version: Cauldron => 6
Blocks: (none) => 25364
Mga 6 EOL
Resolution: (none) => WONTFIXStatus: NEW => RESOLVED
Please use OLD for EOL.
Resolution: WONTFIX => OLD