Bug#444015: kdegraphics: CVE-2007-5049 stack based buffer overflow
On Tue, Sep 25, 2007 at 10:56:08PM +1000, Steffen Joeris wrote:
> Package: kdegraphics
> Version: 4:3.5.7-3
> Severity: grave
> Tags: security
> Justification: user security hole
> The following CVE (Common Vulnerabilities & Exposures) id was
> published for xpdf.
> | Stack-based buffer overflow in the StreamPredictor::getNextLine
> | function in xpdf, as used in (1) poppler before 0.5.91, (2) gpdf, (3)
> | kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow
> | remote attackers to execute arbitrary code via a crafted PDF file, a
> | different vulnerability than CVE-2007-3387.
> If you fix this vulnerability please also include the CVE id
> in your changelog entry.
> You can find a patch on:
Am I overlooking something? Because that patch changes the same code as the patch:
applied to fix CVE-2007-3387