Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130228065316.GA5094@elende>
Date: Thu, 28 Feb 2013 07:53:16 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Marcus Meissner <meissner@...e.de>
Subject: Re: CVE Request: poppler 0.22.1 security fixes

Hi Kurt

Just noticed the following and wanted to ask:

On Wed, Feb 27, 2013 at 08:39:40PM -0700, Kurt Seifried wrote:
> > So far I see: 
> > http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492
> >
> > 
> Fix invalid memory access in 1150.pdf.asan.8.69
> > 
> > http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=e14b6e9c13d35c9bd1e0c50906ace8e707816888
> >
> > 
> Fix invalid memory access in 2030.pdf.asan.69.463
> > 
> > http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=0388837f01bc467045164f9ddaff787000a8caaa
> >
> > 
> Fix another invalid memory access in 1091.pdf.asan.72.42
> > 
> > http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=957aa252912cde85d76c41e9710b33425a82b696
> >
> > 
> Fix invalid memory accesses in 1091.pdf.asan.72.42
> > 
> > http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=bbc2d8918fe234b7ef2c480eb148943922cc0959
> >
> > 
> Fix invalid memory accesses in 1036.pdf.asan.23.17
> 
> Please use CVE-2013-1788 for these invalid memory issues.
             ^^^^^^^^^^^^^
> 
> > http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2
> >
> > 
> Fix crash in broken file 1031.pdf.asan.48.15
> > 
> > http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec
> >
> > 
> Do not crash in broken documents like 1007.pdf.asan.48.4
> 
> Please use CVE-2013-1788 for these crash issues.
             ^^^^^^^^^^^^^

Was this intentional that there where both assigned CVE-2013-1788, for
both the 'invalid memory issues' and the 'crash issues'?

Regards,
Salvatore

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.