Hi!
Hilmar Preusse [2006-01-23 18:30 +0100]:
> On the DSA page Joey states that the problem is solved for oldstable
> too. The .orig.tar.gz contains a patched Stream.cc, which got the
> same modifications as your patch contains, except the last hunk. I'm
> attaching it. Could you evaluate if the hunk is necessary?
> If not I guess we're done here and can close #346086.
> @@ -3100,9 +3107,11 @@ int DCTStream::readMarker() {
> do {
> do {
> c = str->getChar();
> + if(c == EOF) return EOF;
> } while (c != 0xff);
> do {
> c = str->getChar();
> + if(c == EOF) return EOF;
> } while (c == 0xff);
> } while (c == 0x00);
> return c;
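Review bot: The two added `if(c == EOF) return EOF;` lines make readMarker() return EOF where it previously only returned a marker byte, and nothing in the hunk documents that new return value. A short comment above readMarker() saying that EOF means the stream ended before a marker was found would help, and each caller should be checked to stop on EOF instead of treating it as a marker value, so the non-terminating loop does not move one level up.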
This is precisely the fix that is required to avoid endless loops with
prematurely ending PDF files (CVE-2005-3625). So it is not exploitable to
execute any code or something, but it's still a nasty DoS,
particularly in Cups. So I would prefer to apply it, especially since
it's such an easy and straightforward change.
Thanks,
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?

