On Mon, Jan 22, 2007 at 08:06:29AM +0100, Ondřej Surý wrote:
> * SECURITY UPDATE: Denial of Service.
> * New patch, 108_CVE-2007-0104; limits recursion depth of the parsing tree
>   to 100 to avoid infinite loop with crafted documents; CVE-2007-0104; from
>   Ubuntu's 0.4.2-0ubuntu6.8; originally taken from koffice security update;

For info, we do have this tracked as fixed in 0.4.5-5.1 but:
Notes:
hardly a security issue; if someone sends someone a crafted PDF file
triggering such an endless loop the user will simply abort kpdf and
never look at that file again, this is only denial of service by a
_very_ far stretch of imagination. I suppose KDE Security only issued
an update for it because the shared underlying code was part of the
Month of Apple Bugs and they wanted to debunk claims of code
injection. Check the other usual suspects.
I'd suggest a minimum 5 day wait.
Neil
--
<moray> hm, maybe wearing a black t-shirt while dusting my bedroom for the
first time in years wasn't such a good idea
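
The depth limit named in the quoted changelog entry, sketched as an added example that is not part of this thread and is not the kpdf, koffice or Ubuntu patch code. Only the limit of 100 comes from the mail; the node layout, the function names and both sample documents are hypothetical and constructed for illustration.

```cpp
#include <cstdio>
#include <vector>

// Added illustration; not kpdf/xpdf code. Layout and names are hypothetical.
constexpr int kMaxDepth = 100;  // the limit named in the changelog entry

struct Node {
    bool isPage;            // leaf page vs. intermediate tree node
    std::vector<int> kids;  // indices into the object table (like indirect refs)
};

// Counts leaf pages reachable from `idx`. Returns false when the tree is
// deeper than kMaxDepth (which a reference cycle always is) or when a
// reference points outside the object table.
bool countPages(const std::vector<Node>& objs, int idx, int depth, int& pages) {
    if (depth > kMaxDepth) return false;  // stops runaway recursion
    if (idx < 0 || idx >= (int)objs.size()) return false;
    const Node& n = objs[idx];
    if (n.isPage) { ++pages; return true; }
    for (int kid : n.kids)
        if (!countPages(objs, kid, depth + 1, pages)) return false;
    return true;
}

// Constructed sample: root -> node -> two pages.
std::vector<Node> wellFormed() {
    return { {false, {1}}, {false, {2, 3}}, {true, {}}, {true, {}} };
}

// Constructed sample: node 1 lists the root as one of its own kids (cycle).
std::vector<Node> crafted() {
    return { {false, {1}}, {false, {2, 0}}, {true, {}} };
}

// Returns the page count, or -1 when the document is rejected.
int pagesOrReject(const std::vector<Node>& objs) {
    int pages = 0;
    return countPages(objs, 0, 0, pages) ? pages : -1;
}

int main() {
    std::printf("well-formed: %d\n", pagesOrReject(wellFormed()));
    std::printf("crafted:     %d\n", pagesOrReject(crafted()));
}
```

Without the depth check the cyclic document would recurse until the process ran out of stack or was killed; with it the parse fails cleanly and the caller can report a malformed file.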

