On Mon, Jan 22, 2007 at 08:06:29AM +0100, Ondřej Surý wrote:
>   * SECURITY UPDATE: Denial of Service.
>   * New patch, 108_CVE-2007-0104; limits recursion depth of the parsing tree to
>     100 to avoid infinite loop with crafted documents; CVE-2007-0104; from
>     Ubuntu's 0.4.2-0ubuntu6.8; originally taken from koffice security update;

On Mon, Jan 22, 2007 at 07:46:45AM +0000, Neil McGovern wrote:
> For info, we do have this tracked as fixed in 0.4.5-5.1 but:
> Notes:
> hardly a security issue; if someone sends someone a crafted PDF file
> triggering such an endless loop the user will simply abort kpdf and
> never look at that file again, this is only denial of service by a
> _very_ far stretch of imagination. I suppose KDE Security only issued
> an update for it because the shared underlying code was part of the
> Month of Apple Bugs and they wanted to debunk claims of code
> injection. Check the other usual suspects.

> I'd suggest a minimum 5 day wait.

Agreed, unblocked and set to 5-day wait.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/

