oss-sec mailing list archives
Re: Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected}
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 12 Aug 2013 14:22:48 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/10/2013 11:47 PM, mancha wrote:
Jan Lieskovsky <jlieskov@...> writes:Poppler upstream patch:http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
Regards, Jan.
-- Jan iankko Lieskovsky / Red Hat Security Response TeamHi. I've adapted Poppler's CVE-2012-2142 fix to xpdf-3.03 and posted here: http://sourceforge.net/projects/miscellaneouspa/files/misc/xpdf-3.03-CVE-2012-2142.diff --mancha
I assume we'll SPLIT this? In past some xpdf/poppler issues have been merged circa 2010, but after that they appear to have been usually treated as separate: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=poppler http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=xpdf - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJSCUQYAAoJEBYNRVNeJnmTC6gQANU/SwWPW8nRgWHGwjzf65uK pt5DxZfaD+CXdCClh54qrDxdo+LjGAo4UwZ3wnccZBZZPdz5332J3ReB+Mg87mSJ apj87d9ygLIPs9axHOeQfPUReg0b45fk+gZXepn1CnndXX5nyqB9yQxZxXxt51Qe aG5UDxIn/ZDXuc+NYQyEKY8pWHkSo/7kti19EPDLDbl3gZJQUglaOVozfiTdJT2j XE0sg+CBc4azEzBw3flEYJ3lXLGXw85RTDgt4/+KfqfqI4BrorfqYNgm9ZrhjSQO z2XomL/0zM4hVnJOLbdbUPICR3uekbDRY2ne/+zP4HebWg0ckY4Jhm9kTMU6eVVo l2yIcw5CByfjTqg91yLItfBuGIxivj1W76Da0I6l8UNUDni6tj7ze3B2r27cYT4Y gTqOpUF7AUvxbLhu7Op7kHxQfsXcmpjWjK9EE7BwY8IAVmA4C+VOqciQISOIZZt5 0ejLvXasZxqGWmq570A9f2c4g5ADjr06shQW/KPl0Oo72PfUUni4SXHAf/YoE2M2 BgghaQ/mf/Q0nznLK60azKwypazcU4HziRwjaROz0qg8Q/5bpemcAfKTXbDQCHcq Gu97hqVYyXgHJyYcwbZ9QZBww3xIUtR7XaThIa8gqw/Xl9bufmBSn7HRxad1cHlh mKrmsatsNitCAbGcM3b2 =IeYL -----END PGP SIGNATURE-----
Current thread:
- [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Jan Lieskovsky (Aug 09)
- Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Jan Lieskovsky (Aug 09)
- Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} mancha (Aug 10)
- Re: Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Kurt Seifried (Aug 12)
- Re: Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Michael Gilbert (Aug 12)
- Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} mancha (Aug 10)
- Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Jan Lieskovsky (Aug 09)