
Re: Please hint poppler 0.4.5-5.1



On Mon, Jan 22, 2007 at 08:06:29AM +0100, Ondřej Surý wrote:
>    * SECURITY UPDATE: Denial of Service.
>    * New patch, 108_CVE-2007-0104; limits recursion depth of the parsing tree to
>      100 to avoid infinite loop with crafted documents; CVE-2007-0104; from
>      Ubuntu's 0.4.2-0ubuntu6.8; originally taken from koffice security update;
> 

For info, we do have this tracked as fixed in 0.4.5-5.1 but:

Notes:
  hardly a security issue; if someone sends someone a crafted PDF file
  triggering such an endless loop the user will simply abort kpdf and
  never look at that file again, this is only denial of service by a
  _very_ far stretch of imagination. I suppose KDE Security only issued
  an update for it because the shared underlying code was part of the
  Month of Apple Bugs and they wanted to debunk claims of code
  injection.  Check the other usual suspects.

I'd suggest a minimum 5 day wait.

Neil
-- 
<moray> hm, maybe wearing a black t-shirt while dusting my bedroom for the
	first time in years wasn't such a good idea
