Control: forwarded -1 https://sourceforge.net/p/podofo/mailman/message/36215539/
On Sun, Feb 04, 2018 at 01:24:53AM +0100, Matthias Brinke wrote:
> CVE-2018-5295 from the security-tracker.debian.org:
> In PoDoFo 0.9.5, there is an integer overflow in
> the PdfXRefStreamParserObject::ParseStream function
> (base/PdfXRefStreamParserObject.cpp). Remote attackers
> could leverage this vulnerability to cause a denial-of-service
> via a crafted pdf file.

Right. For cross-reference, this is being dealt with upstream by this
thread that started the 6th of Jan:
https://sourceforge.net/p/podofo/mailman/message/36180168/

> I've implemented a patch to fix this vulnerability, it is attached
> and tested

Thank you! I've forwarded it upstream, see the first URL above.

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-