Date: Thu, 28 Feb 2013 08:04:46 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Marcus Meissner <meissner@...e.de>
Subject: Re: CVE Request: poppler 0.22.1 security fixes

On mer., 2013-02-27 at 20:39 -0700, Kurt Seifried wrote:
> Please use CVE-2013-1788 for these invalid memory issues.
>
> > http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2
> > Fix crash in broken file 1031.pdf.asan.48.15
> >
> > http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec
> > Do not crash in broken documents like 1007.pdf.asan.48.4
>
> Please use CVE-2013-1788 for these crash issues.

Is this a typo? Did you mean to write CVE-2013-1789 for the crash
issues?
> > http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91
> > Initialize refLine totally
> > Fixes uninitialized memory read in 1004.pdf.asan.7.3
>
> Please use CVE-2013-1790 for this uninitialized memory read issue.

-- 
Yves-Alexis
