[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please unblock poppler/0.8.6-1

Le samedi 30 août 2008 à 19:32 +0200, Luk Claes a écrit :
> -poppler (0.8.4-1.1) unstable; urgency=high
> -  * Non-maintainer upload by the Security Team.
> -  * Fix missing pageWidgets object initialization that could lead to
> arbitrary
> -    code execution by a crafted PDF file when the Page destructor deletes
> -    the object which has not been initialized before
> -    (CVE-2008-2950.patch; Closes: #489756).
> Was this intentional and is the fix included or not?

The fix is already included in upstream version 0.8.5, but they didn’t
deem it worthy of a NEWS entry, apparently. I’ve updated the bug to mark
which versions are vulnerable.

: :' :      We are debian.org. Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.

Attachment: signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=

Reply to: