Hello zyx, hello all, > Matthew Brincke <ma...@mailbox.org> has written on 8 February 2018 at 00:13: > > > Hello zyx, hello all, > > zyx <z...@gmx.us> has written on 4 February 2018 at 16:10: > > > > > > On Fri, 2018-01-26 at 07:34 +0100, zyx wrote: > > > I see. It looks like I did something wrong when testing the change. > > > When trying once again now I can confirm what you see, the change > > > does > > > fix the CVE. I do not know what I did wrong the last time, I'm sorry > > > about that. > > > > > > I committed the patch as revision 1872: > > > http://sourceforge.net/p/podofo/code/1872 > > > > Hi, > > I reverted the main part of the above change, because it causes > > use-after-free in test/unit/podofo-test, more details below. I left > > In the Debian Bug Tracking System [1] Matthias Brinke contributed a patch > which is a correction for the older one, to fix this bug. Of that patch > the first hunk is of interest here, the others are either already in, > tiny mostly-docs changes or would require discussion. >
pardon my error, please: it's the second hunk, not the first. It's correct in the commit which is indeed svn r1882: http://sourceforge.net/p/podofo/code/1882 Best regards, mabri ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Podofo-users mailing list Podofo-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/podofo-users
