On Fri, Sep 28, 2018 at 08:32:25PM +0200, Markus Koschany wrote:
> Package: poppler
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for poppler.
>
> CVE-2018-16646[0]:
> | In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause
> | infinite recursion via a crafted file. A remote attacker can leverage
> | this for a DoS attack.

For jessie the wrong patches got applied. They are based on MR 67, which didn't get merged in favour of the patch from MR 91.

On a more general notice: This bug has virtually no security impact, it's hard to see why this change was made for an LTS release to begin with, but at least wait until it's applied/fixed in unstable before backporting.

Cheers,
Moritz