Package: poppler Version: 0.4.3-1 Severity: critical Tags: security patch Hi!
Chris Evans found some more integer overflows in the xpdf code [1] which affect poppler as well. [1] also has demo exploit PDFs for patch checking. In addition, upstream used a slightly wrong patch for CVE-2005-3192, I reported that as [2] and included the fix in the latest Ubuntu version. See [4] for the Ubuntu debdiff. I also forwarded the patch upstream [3]. Thanks, Martin [1] http://scary.beasts.org/security/b0dfca810501f2da/CESA-2005-003.txt [2] https://bugs.freedesktop.org/show_bug.cgi?id=5514 [3] https://bugs.freedesktop.org/show_bug.cgi?id=5516 [4] http://patches.ubuntu.com/patches/poppler.CVE-2005-3624_5_7.diff -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates?
signature.asc
Description: Digital signature