
Bug#444015: kdegraphics: CVE-2007-5049 stack based buffer overflow



Hi Ana,
* Ana Guerrero <ana@debian.org> [2007-09-26 12:42]:
> On Tue, Sep 25, 2007 at 10:56:08PM +1000, Steffen Joeris wrote:
[...] 
> > CVE-2007-5049[0]:
> > | Stack-based buffer overflow in the StreamPredictor::getNextLine
> > | function in xpdf, as used in (1) poppler before 0.5.91, (2) gpdf, (3)
> > | kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow
> > | remote attackers to execute arbitrary code via a crafted PDF file, a
> > | different vulnerability than CVE-2007-3387.
> > 
> > If you fix this vulnerability please also include the CVE id
> > in your changelog entry.
> > 
> > You can find a patch on:
> > ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
> 
> Am I overlooking something? Because that patch changes the same code as the patch:
> 
> ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.7-kdegraphics-CVE-2007-3387.diff
> 
> applied to fix CVE-2007-3387

This patch is not the same. Look at the difference: your
patch just changes the values in between the if statement,
but the other patch also changes the place of the statement.
I think the diff format used is a bit confusing, look at:
http://cgit.freedesktop.org/poppler/poppler/diff/?id=c240daefe660ac3456dc0c5f5dc82aa53ebc3313&id2=1ba884b6b98ac8d755c9adc9f23a7a68d8b17b54

However, I wonder why the changelog just mentions CVE-2007-3387, because
MITRE says they are not the same. I wrote them a mail about the exact difference.
Anyway, the patch from freedesktop.org is correct.
Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
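As an added illustration of the point made above, that where a bounds check sits matters as much as the values it compares, here is constructed C code, not xpdf's or poppler's StreamPredictor, in which the predictor parameters taken from a PDF stream dictionary are validated against integer wrap before any row buffer is sized; the struct, the function names and the 16-bit limit are my assumptions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed illustration, not xpdf's or poppler's StreamPredictor: the
 * /Columns, /Colors and /BitsPerComponent values come from the PDF itself,
 * so every product is guarded against wrapping BEFORE a row buffer is sized. */
typedef struct {
    int columns;   /* /Columns: pixels per row */
    int nComps;    /* /Colors: components per pixel */
    int nBits;     /* /BitsPerComponent */
} PredictorParams;

/* Returns true and stores the row length in *rowBytes when the parameters
 * are sane; returns false if a field is non-positive or any intermediate
 * product would overflow int. Each multiplication is checked before it is
 * performed, so an overflowed value is never used to size a buffer. */
bool predictor_row_bytes(const PredictorParams *p, int *rowBytes)
{
    if (p->columns <= 0 || p->nComps <= 0 || p->nBits <= 0)
        return false;
    if (p->nBits > 16)                        /* PDF allows at most 16 */
        return false;
    if (p->nComps > INT_MAX / p->nBits)
        return false;
    int pixBits = p->nComps * p->nBits;
    if (p->columns > INT_MAX / pixBits)
        return false;
    int rowBits = p->columns * pixBits;
    if (rowBits > INT_MAX - 7)                /* rounding up must not wrap */
        return false;
    *rowBytes = (rowBits + 7) / 8;
    return true;
}

/* Convenience wrapper: row length in bytes, or -1 when rejected. */
int row_bytes_or_neg(int columns, int nComps, int nBits)
{
    PredictorParams p = { columns, nComps, nBits };
    int rowBytes;
    return predictor_row_bytes(&p, &rowBytes) ? rowBytes : -1;
}

int main(void)
{
    /* constructed sample inputs: one sane RGB row, one hostile dictionary */
    printf("100x3x8  -> %d\n", row_bytes_or_neg(100, 3, 8));        /* 300 */
    printf("huge     -> %d\n", row_bytes_or_neg(INT_MAX, 4, 16));   /* -1  */
    return 0;
}
```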
