|
Message-ID: <1362035086.4116.23.camel@scapa>
Date: Thu, 28 Feb 2013 08:04:46 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Marcus Meissner <meissner@...e.de>
Subject: Re: CVE Request: poppler 0.22.1 security fixes
On mer., 2013-02-27 at 20:39 -0700, Kurt Seifried wrote:
> Please use CVE-2013-1788 for these invalid memory issues.
>
> >
> http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2
> >
> >
> Fix crash in broken file 1031.pdf.asan.48.15
> >
> >
> http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec
> >
> >
> Do not crash in broken documents like 1007.pdf.asan.48.4
>
> Please use CVE-2013-1788 for these crash issues.
Is this a typo? Did you mean to write CVE-2013-1789 for the crash
issues?
>
>
> >
> http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=b1026b5978c385328f2a15a2185c599a563edf91
> >
> >
> Initialize refLine totally
> > Fixes uninitialized memory read in 1004.pdf.asan.7.3
>
> Please use CVE-2013-1790 for this uninitialized memory read issue.
--
Yves-Alexis
Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.