Hi!

Hilmar Preusse [2006-01-23 18:30 +0100]:
> On the DSA page Joey states that the problem is solved for oldstable
> too. The .orig.tar.gz contains a patched Stream.cc, which got the
> same modifications as your patch contains, except the last hunk. I'm
> attaching it. Could you evaluate if the hunk is necessary?
> If not I guess we're done here and can close #346086.
> @@ -3100,9 +3107,11 @@ int DCTStream::readMarker() { > do { > do { > c = str->getChar(); > + if(c == EOF) return EOF; > } while (c != 0xff); > do { > c = str->getChar(); > + if(c == EOF) return EOF; > } while (c == 0xff); > } while (c == 0x00); > return c;

This is precisely the fix that is required to avoid endless loops with
prematurely ending PDF files (CVE-2005-3625). So it is not exploitable
to execute any code or something, but it's still a nasty DoS,
particularly in Cups. So I would prefer to apply it, especially since
it's such an easy and straightforward change.

Thanks,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
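
Review bot: with the two "if(c == EOF) return EOF;" checks in the inner loops, DCTStream::readMarker() can now return EOF as well as a marker byte, and nothing in the visible lines shows how its callers treat that value. It is worth confirming that each caller tests the result for EOF and stops decoding, because a caller that keeps calling readMarker() until it sees a particular marker would only move the endless loop on a truncated file up one level. A short comment above the function stating that EOF is a possible return value would document the new contract, and "if (c == EOF)" with a space would match the "while (" spacing used in the same hunk.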