On Mon, Jan 22, 2007 at 08:06:29AM +0100, Ondřej Surý wrote:
> * SECURITY UPDATE: Denial of Service.
> * New patch, 108_CVE-2007-0104; limits recursion depth of the parsing tree to
> 100 to avoid infinite loop with crafted documents; CVE-2007-0104; from
> Ubuntu's 0.4.2-0ubuntu6.8; originally taken from koffice security update;
>

For info, we do have this tracked as fixed in 0.4.5-5.1 but:

Notes: hardly a security issue; if someone sends someone a crafted PDF file triggering such an endless loop the user will simply abort kpdf and never look at that file again, this is only denial of service by a _very_ far stretch of imagination. I suppose KDE Security only issued an update for it because the shared underlying code was part of the Month of Apple Bugs and they wanted to debunk claims of code injection.

Check the other usual suspects.

I'd suggest a minimum 5 day wait.

Neil
--
<moray> hm, maybe wearing a black t-shirt while dusting my bedroom for the first time in years wasn't such a good idea