libpoppler possibly vulnerable

To: Debian Bug Tracking System <submit@bugs.debian.org>
Cc: Debian-teTeX-maint <debian-tetex-maint@lists.debian.org>
Subject: libpoppler possibly vulnerable
From: Hilmar Preusse <hille42@web.de>
Date: Mon, 16 May 2005 10:14:29 +0200
Message-id: <[🔎] 20050516081429.GB604@preusse>
Mail-followup-to: Debian Bug Tracking System <submit@bugs.debian.org>, Debian-teTeX-maint <debian-tetex-maint@lists.debian.org>

Package: libpoppler0
Version: 0.3.1-x
Severity: important

Hi,

there were recently some security issues in xpdf discovered
(CAN-2004-0888, CAN-2004-1125, CAN-2005-0064). According to Frank
Küster as of 21 Mar 2005 your package is vulnerable to CAN-2005-0206.
Please check if your package is still vulnerable to one of them and
fix it.
I'm filing that bug as important, cause according to
 "apt-cache rdepends libpoppler0"
no package uses your library and hence nobody is really affected.
Please raise the severity if you find your package has leaks.
  I'm attaching the patches we used to the leaks in tetex-bin.

Regards,
  Hilmar
-- 
sigmentation fault

Attachment: CAN.tar.bz2
Description: Binary data

Reply to:

Prev by Date: Bug#309152: tipa: upgrade problems related to tetex-bin
Next by Date: Bug#236967: Status of this bug?
Previous by thread: Re: correct thought that
Next by thread: Adobe+macromedia+OS etc all in CD under $99
Index(es):
- Date
- Thread