oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: poppler 0.22.1 security fixes

From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 28 Feb 2013 07:53:16 +0100
Hi Kurt

Just noticed the following and wanted to ask:

On Wed, Feb 27, 2013 at 08:39:40PM -0700, Kurt Seifried wrote:

So far I see: 
http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492



Fix invalid memory access in 1150.pdf.asan.8.69


http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=e14b6e9c13d35c9bd1e0c50906ace8e707816888



Fix invalid memory access in 2030.pdf.asan.69.463


http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=0388837f01bc467045164f9ddaff787000a8caaa



Fix another invalid memory access in 1091.pdf.asan.72.42


http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=957aa252912cde85d76c41e9710b33425a82b696



Fix invalid memory accesses in 1091.pdf.asan.72.42


http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=bbc2d8918fe234b7ef2c480eb148943922cc0959



Fix invalid memory accesses in 1036.pdf.asan.23.17

Please use CVE-2013-1788 for these invalid memory issues.

             ^^^^^^^^^^^^^



http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2



Fix crash in broken file 1031.pdf.asan.48.15


http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec



Do not crash in broken documents like 1007.pdf.asan.48.4

Please use CVE-2013-1788 for these crash issues.

             ^^^^^^^^^^^^^

Was this intentional that there where both assigned CVE-2013-1788, for
both the 'invalid memory issues' and the 'crash issues'?

Regards,
Salvatore
Previous By Date Next
Previous By Thread Next

Current thread: