oss-sec mailing list archives
Re: CVE Request: poppler 0.22.1 security fixes
From: Yves-Alexis Perez <corsac () debian org>
Date: Thu, 28 Feb 2013 08:04:46 +0100
On mer., 2013-02-27 at 20:39 -0700, Kurt Seifried wrote:
Please use CVE-2013-1788 for these invalid memory issues.http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2Fix crash in broken file 1031.pdf.asan.48.15http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacecDo not crash in broken documents like 1007.pdf.asan.48.4 Please use CVE-2013-1788 for these crash issues.
Is this a typo? Did you mean to write CVE-2013-1789 for the crash issues?
http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91Initialize refLine totallyFixes uninitialized memory read in 1004.pdf.asan.7.3Please use CVE-2013-1790 for this uninitialized memory read issue.
-- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- CVE Request: poppler 0.22.1 security fixes Marcus Meissner (Feb 27)
- Re: CVE Request: poppler 0.22.1 security fixes Kurt Seifried (Feb 27)
- Re: CVE Request: poppler 0.22.1 security fixes Salvatore Bonaccorso (Feb 27)
- Re: CVE Request: poppler 0.22.1 security fixes Kurt Seifried (Feb 27)
- Re: CVE Request: poppler 0.22.1 security fixes Yves-Alexis Perez (Feb 27)
- Re: CVE Request: poppler 0.22.1 security fixes Salvatore Bonaccorso (Feb 27)
- Re: CVE Request: poppler 0.22.1 security fixes Kurt Seifried (Feb 27)