On Friday, 27 February 2015, 04.39:08 Ben Hutchings wrote:
> On Fri, 2015-02-27 at 03:17 +0000, Ben Hutchings wrote:
> > This does not fix the bug!
>
> I cherry-picked git commit 6c087a72a0708bcb7929955c75770ee364755c42
> ("Add some range checking (probably more to come) to avoid divide-by-0
> errors."), after which the critical hunk of the patch for
> CVE-2014-9679 applied cleanly. With Didier's original patch,
>
>     zcat bogus.raster.gz | rastertohp foo bar baz 1 ''
>
> still crashes (segmentation fault). With the two patches applied, it
> fails cleanly (no pages found). I was still able to print a test page
> (though I'm not certain that this uses the raster filter code in my
> configuration).
>
> So I've uploaded with those two patches applied.

Thanks! I've now updated the VCS with your patches.

http://anonscm.debian.org/cgit/printing/cups.git/log/?h=master-squeeze-lts

OdyX