Le samedi 30 août 2008 à 19:32 +0200, Luk Claes a écrit : > -poppler (0.8.4-1.1) unstable; urgency=high > - * Non-maintainer upload by the Security Team. > - * Fix missing pageWidgets object initialization that could lead to > arbitrary > - code execution by a crafted PDF file when the Page destructor deletes > - the object which has not been initialized before > - (CVE-2008-2950.patch; Closes: #489756). > > Was this intentional and is the fix included or not? The fix is already included in upstream version 0.8.5, but they didn’t deem it worthy of a NEWS entry, apparently. I’ve updated the bug to mark which versions are vulnerable. Cheers, -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `- our own. Resistance is futile.
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=