
Re: Please hint poppler 0.4.5-5.1

Steve Langasek <vorlon <at> debian.org> writes:

> On Mon, Jan 22, 2007 at 07:46:45AM +0000, Neil McGovern wrote:
> > For info, we do have this tracked as fixed in 0.4.5-5.1 but:
> > Notes:
> >   hardly a security issue; if someone sends someone a crafted PDF file
> >   triggering such an endless loop the user will simply abort kpdf and
> >   never look at that file again, this is only denial of service by a
> >   _very_ far stretch of imagination. 

For kpdf this is true, for libpoppler not:  Already in etch, pdftex uses
libpoppler for parsing of PDF files, and pdftex is actually used in
server setups.  Moreover, people are encouraged to not use copies of
xpdf code but link against libpoppler for any new application that
parses PDF files.  

> Agreed, unblocked and set to 5-day wait.

That's okay, but I think we should not release etch with this bug, and
take care that it really migrates after the 5 days.

Regards, Frank
Dr. Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX/TeXLive)
