oss-sec mailing list archives
Re: Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected}
From: Michael Gilbert <mgilbert () debian org>
Date: Mon, 12 Aug 2013 19:08:12 -0400
On Mon, Aug 12, 2013 at 4:22 PM, Kurt Seifried wrote:
I assume we'll SPLIT this? In past some xpdf/poppler issues have been merged circa 2010, but after that they appear to have been usually treated as separate: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=poppler http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=xpdf
It's the same codebase, just slightly diverged, so I would argue no. In fact Debian's xpdf is unaffected once poppler is fixed since it links against it (and the issue is in poppler's Error.cc). I believe Gentoo does the same. Best wishes, Mike
Current thread:
- [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Jan Lieskovsky (Aug 09)
- Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Jan Lieskovsky (Aug 09)
- Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} mancha (Aug 10)
- Re: Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Kurt Seifried (Aug 12)
- Re: Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Michael Gilbert (Aug 12)
- Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} mancha (Aug 10)
- Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Jan Lieskovsky (Aug 09)