tag 702071 - moreinfo tag 702071 + confirmed found 702071 poppler/0.18.4-5 thanks
Hi, thanks for the tests cases, Salvatore. I've verified the issues, and the situation that I found for current wheezy+sid (= 0.18.4-5) is the following: Alle sabato 2 marzo 2013, Salvatore Bonaccorso ha scritto: > CVE-2013-1788[0]: > invalid memory issues This applies, but not with all the reported documents. > CVE-2013-1789[1]: > crash in broken documents This seems to not apply. > CVE-2013-1790[2]: > uninitialized memory read This applies. I will backport and test the appropriate fixes for this version of poppler, and then upload. Regarding stable, I will do the proper investigation (and eventually backport fixes as needed) once sid is fixed and the fixed version has successfully migrated to wheezy; this way I want to reduce the potential issues. Is that okay for the security team? -- Pino Toscano
signature.asc
Description: This is a digitally signed message part.
