Re: Please hint poppler 0.4.5-5.1
On Mon, Jan 22, 2007 at 08:06:29AM +0100, Ondřej Surý wrote:
> * SECURITY UPDATE: Denial of Service.
> * New patch, 108_CVE-2007-0104; limits recursion depth of the parsing tree to
> 100 to avoid infinite loop with crafted documents; CVE-2007-0104; from
> Ubuntu's 0.4.2-0ubuntu6.8; originally taken from koffice security update;
On Mon, Jan 22, 2007 at 07:46:45AM +0000, Neil McGovern wrote:
> For info, we do have this tracked as fixed in 0.4.5-5.1 but:
> Notes:
> hardly a security issue; if someone sends someone a crafted PDF file
> triggering such an endless loop the user will simply abort kpdf and
> never look at that file again, this is only denial of service by a
> _very_ far stretch of imagination. I suppose KDE Security only issued
> an update for it because the shared underlying code was part of the
> Month of Apple Bugs and they wanted to debunk claims of code
> injection. Check the other usual suspects.
> I'd suggest a minimum 5 day wait.
Agreed, unblocked and set to 5-day wait.
Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Reply to: