Martin Pitt <[EMAIL PROTECTED]> wrote:
> Hi!
>
> I'm currently preparing Ubuntu security updates for these issues, and
> I noticed that the upstream provided patch is wrong. I sent the mail
> below to upstream (and some others).
>
> Can you please check that you indeed fixed (tetex-bin)/will fix
> (poppler) DCTStream::readProgressiveSOF(), too?
[...]
> It seems that the patch linked from these advisories [1] is a little
> bit flawed: it checks numComps twice in DCTStream::readBaselineSOF(),
> but does not check it in DCTStream::readProgressiveSOF().

We have the same flaw in our upload. Would you be so kind and check the
updated patch at

http://svn.debian.org/wsvn/pkg-tetex/tetex-bin/trunk/debian/patches/patch-CVE-2005-3191+2+3?op=file&rev=0&sc=0

I'm completely illiterate in C++, and would like to make sure this is
correct.

Regards, Frank
-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
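
The flaw discussed in this thread is a bound on numComps that exists on the baseline path but not on the progressive one. The following sketch is an added example, not part of the mail and not the xpdf, poppler or tetex-bin code or patch: it routes both frame types through one checked parser so the bound cannot be missing on either path. Frame, CompInfo, readSOF, kMaxComps (a four-entry component table is assumed) and the sample bytes are constructed for illustration; the two reader names are free functions that only borrow the method names from the mail.

```cpp
#include <cstddef>
#include <cstdint>

// Assumption for this sketch: the component table is a fixed array of four.
constexpr int kMaxComps = 4;

struct CompInfo { int id, hSample, vSample, quantTable; };
struct Frame {
    bool progressive;
    int width, height, numComps;
    CompInfo comp[kMaxComps];
};

// One parser for the SOF segment body (Lf, P, Y, X, Nf, then 3 bytes per
// component), so the numComps bound cannot be present on one path only.
static bool readSOF(const uint8_t *p, size_t len, bool progressive, Frame &f) {
    if (len < 8) return false;                       // fixed part of the header
    size_t segLen = (size_t(p[0]) << 8) | p[1];
    int n = p[7];
    if (n <= 0 || n > kMaxComps) return false;       // bound before any comp[] write
    if (segLen != 8 + 3 * size_t(n) || len < segLen) return false;
    f.progressive = progressive;
    f.height = (p[3] << 8) | p[4];
    f.width = (p[5] << 8) | p[6];
    f.numComps = n;
    for (int i = 0; i < n; ++i) {
        const uint8_t *c = p + 8 + 3 * i;
        f.comp[i] = { c[0], c[1] >> 4, c[1] & 0x0f, c[2] };
    }
    return true;
}

bool readBaselineSOF(const uint8_t *p, size_t len, Frame &f) { return readSOF(p, len, false, f); }
bool readProgressiveSOF(const uint8_t *p, size_t len, Frame &f) { return readSOF(p, len, true, f); }

// Constructed inputs: a 16x16, 3-component frame header and one claiming 5 components.
const uint8_t kGoodSOF[17] = {0x00,0x11, 8, 0,16, 0,16, 3, 1,0x22,0, 2,0x11,1, 3,0x11,1};
const uint8_t kBadSOF[23]  = {0x00,0x17, 8, 0,16, 0,16, 5};  // remaining bytes are zero

int main() {
    Frame f{};
    return (readProgressiveSOF(kGoodSOF, sizeof kGoodSOF, f) &&
            !readProgressiveSOF(kBadSOF, sizeof kBadSOF, f)) ? 0 : 1;
}
```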