oss-sec mailing list archives

Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected}

From: mancha <mancha1 () hush com>
Date: Sun, 11 Aug 2013 05:47:32 +0000 (UTC)

Jan Lieskovsky <jlieskov@...> writes:

Poppler upstream patch:

http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40


Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team


Hi. I've adapted Poppler's CVE-2012-2142 fix to xpdf-3.03 and posted
here:
http://sourceforge.net/projects/miscellaneouspa/files/misc/xpdf-3.03-CVE-2012-2142.diff

--mancha

Current thread:

[CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Jan Lieskovsky (Aug 09)
- Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Jan Lieskovsky (Aug 09)
  - Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} mancha (Aug 10)
    - Re: Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Kurt Seifried (Aug 12)
    - Re: Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Michael Gilbert (Aug 12)