notfound 346086 2.0.2-30sarge4 found 346086 1.0.7+20011202-7.7 stop On 26.01.06 Martin Pitt (mpitt@debian.org) wrote: > Hilmar Preusse [2006-01-23 18:30 +0100]: Hi all, > > On the DSA page Joey states, that the problem is solved for > > oldstable too. The .orig.tar.gz contains a patched Stream.cc, > > which got the same modifications as your patch contain, except > > the last hunk. I'm attaching it. Could you evluate if the hunk is > > necessary. > > If not I guess we're done here and can close #346086. > > This is precisely the fix that is required to avoid endless loops > with prematurely ending PDF files (CVE-2005-3625). So it is not > exploitable to execute any code or something, but it's still a > nasty DoS, particularly in Cups. So I would prefer to apply it, > especially since it's such an easy and straightforward change. > So, what is that now? - a security leak, which must be fixed - rather an inconvenience, which should be fixed? Does that bug deserve still the severity critical? If not I propose to lower the severity to important, keep that bug open until the support for oldstable has ended and close the bug then. For now I mark that bug as not found in 2.0.2-30sarge4 and found in 1.0.7+20011202-7.7 . Regards, Hilmar -- sigmentation fault
Attachment:
pgp_WjhInODUF.pgp
Description: PGP signature