Hi!

I'm currently preparing Ubuntu security updates for these issues, and
I noticed that the upstream provided patch is wrong. I sent the mail
below to upstream (and some others).

Can you please check that you indeed fixed (tetex-bin)/will fix
(poppler) DCTStream::readProgressiveSOF(), too?

Thanks,

Martin

----- Forwarded message from Martin Pitt <[EMAIL PROTECTED]> -----

From: Martin Pitt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED], Dirk Mueller <[EMAIL PROTECTED]>
Subject: Re: [vendor-sec] xpdf update - patch wrong?
Mail-Followup-To: [EMAIL PROTECTED], [EMAIL PROTECTED],
        Dirk Mueller <[EMAIL PROTECTED]>
Date: Thu, 8 Dec 2005 11:20:37 +0100

Hi Derek, hi Dirk, hi Vendor-Sec!

Josh Bressers [2005-12-06 13:50 -0500]:
> In the event any of you missed this:
> 
> http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
> http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities

It seems that the patch linked from these advisories [1] is a little
bit flawed: it checks numComps twice in DCTStream::readBaselineSOF(),
but does not check it in DCTStream::readProgressiveSOF().

It *seems* that KDE spotted and removed the double check in their
kdegraphics patch [2], but unless they removed
DCTStream::readProgressiveSOF() (which could very well be, I didn't
check yet), these patches now have the same flaw.

Thanks,

Martin


[1] ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch
[2] ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdegraphics-CAN-2005-3193.diff

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?



----- End forwarded message -----
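
Added example, not part of the original mail and not code from xpdf, poppler, tetex-bin or kdegraphics: the flaw described above (a component-count check present in the baseline SOF reader but missing from the progressive one) is avoided when both paths share a single parser. JPEG SOF0 and SOF2 segments have the same layout; the names parse_sof, struct frame and MAX_COMPS, and the four-entry component table, are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_COMPS 4   /* assumed size of the decoder's fixed component table */

struct comp { uint8_t id, hsamp, vsamp, qtable; };
struct frame {
    int progressive;
    unsigned width, height, ncomps;
    struct comp comps[MAX_COMPS];
};

/* Parse the body of a JPEG SOF0 (baseline) or SOF2 (progressive) segment.
 * Both markers share one layout, so this routine holds the only
 * component-count check. Returns 0 on success, -1 on malformed input. */
int parse_sof(const uint8_t *p, size_t len, int progressive, struct frame *f)
{
    if (len < 8) return -1;                      /* fixed header is 8 bytes */
    size_t seglen = ((size_t)p[0] << 8) | p[1];  /* includes the length field */
    if (seglen > len) return -1;
    unsigned n = p[7];
    if (n < 1 || n > MAX_COMPS) return -1;       /* bound before any table write */
    if (seglen < 8 + 3 * (size_t)n) return -1;   /* component records must fit */
    f->progressive = progressive;
    f->height = ((unsigned)p[3] << 8) | p[4];
    f->width  = ((unsigned)p[5] << 8) | p[6];
    f->ncomps = n;
    for (unsigned i = 0; i < n; i++) {
        const uint8_t *c = p + 8 + 3 * i;        /* id, H/V sampling, quant table */
        f->comps[i] = (struct comp){ c[0], c[1] >> 4, c[1] & 0x0f, c[2] };
    }
    return 0;
}

/* Constructed sample segments (not taken from any real file). */
static const uint8_t sof_ok[] = { 0x00,0x11, 8, 0x00,0x10, 0x00,0x20, 3,
                                  1,0x22,0, 2,0x11,1, 3,0x11,1 };
static const uint8_t sof_bad[] = { 0x00,0x17, 8, 0x00,0x10, 0x00,0x20, 5,
                                   1,0x11,0, 2,0x11,0, 3,0x11,0, 4,0x11,0, 5,0x11,0 };

int main(void)
{
    struct frame f;
    printf("baseline, 3 comps:    %d\n", parse_sof(sof_ok, sizeof sof_ok, 0, &f));
    printf("progressive, 5 comps: %d\n", parse_sof(sof_bad, sizeof sof_bad, 1, &f));
    return 0;
}
```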
