Re: Please hint poppler 0.4.5-5.1

To: Debian Release Management <debian-release@lists.debian.org>
Subject: Re: Please hint poppler 0.4.5-5.1
From: Frank Küster <frank@kuesterei.ch>
Date: Mon, 22 Jan 2007 13:56:31 +0100
Message-id: <[🔎] 86fya3usn4.fsf@alhambra.kuesterei.ch>

Steve Langasek <vorlon <at> debian.org> writes:

> On Mon, Jan 22, 2007 at 07:46:45AM +0000, Neil McGovern wrote:
> > For info, we do have this tracked as fixed in 0.4.5-5.1 but:
> 
> > Notes:
> >   hardly a security issue; if someone sends someone a crafted PDF file
> >   triggering such an endless loop the user will simply abort kpdf and
> >   never look at that file again, this is only denial of service by a
> >   _very_ far stretch of imagination. 

For kpdf this is true, for libpopple not:  Already in etch, pdftex uses
libpoppler for parsing of PDF files, and pdftex is actually used in
server setups.  Moreover, people are encouraged to not use copies of
xpdf code but link against libpoppler for any new application that
parses PDF files.  

> Agreed, unblocked and set to 5-day wait.

That's okay, but I think we should not release etch with this bug, and
take care that it really migrates after the 5 days.

Regards, Frank
-- 
Dr. Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX/TeXLive)

Reply to:

Prev by Date: Re: New grub suitable for Etch
Next by Date: Please allow glibc_2.3.6.ds1-10
Previous by thread: Re: Please hint poppler 0.4.5-5.1
Next by thread: please unblock xdm 1:1.0.5-2
Index(es):
- Date
- Thread