Bug#860995: Correction for CVE-2017-8054 patch (was: Bug#860995: libpodofo: CVE-2017-8054 fix tested in unstable chroot, PoC generator source attached)

2018-02-05 Thread Mattia Rizzolo
Control: tag -1 -fixed-upstream

On Tue, Feb 06, 2018 at 01:26:00AM +0100, Matthias Brinke wrote:
> I've investigated that and implemented a
> correction, which I tested with -fsanitize=address (ASan) in
> a Debian sid chroot (up-to-date, mostly? minimal) through
> sbuild (from jessie-backports),

Bug#860995: Correction for CVE-2017-8054 patch (was: Bug#860995: libpodofo: CVE-2017-8054 fix tested in unstable chroot, PoC generator source attached)

2018-02-05 Thread Matthias Brinke
Hello Mattia,

> Mattia Rizzolo has written on 21 December 2017 at 22:54:
>
>
> Control: tag -1 patch
>
> On Thu, Dec 21, 2017 at 04:55:00PM +0100, Matthias Brinke wrote:
>> I have simplified my fix for CVE-2017-8054 (stack overflow
>> by infinite recursion from loop in pages tree) and tested