Martin Pitt <email address hidden> wrote:
> Hi!
>
> I'm currently preparing Ubuntu security updates for these issues, and
> I noticed that the upstream provided patch is wrong. I sent the mail
> below to upstream (and some others).
>
> Can you please check that you indeed fixed (tetex-bin)/will fix
> (poppler) DCTStream::readProgressiveSOF(), too?
[...]
> It seems that the patch linked from these advisories [1] is a little
> bit flawed: it checks numComps twice in DCTStream::readBaselineSOF(),
> but does not check it in DCTStream::readProgressiveSOF().
We have the same flaw in our upload. Would you be so kind and check the
updated patch at
http://svn.debian.org/wsvn/pkg-tetex/tetex-bin/trunk/debian/patches/patch-CVE-2005-3191+2+3?op=file&rev=0&sc=0
I'm completely illiterate in C++, and would like to make sure this is
correct.
Regards, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
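
The flaw discussed in this thread, a numComps check applied twice in one frame-header reader and not at all in its sibling, is ruled out when both readers go through one validation routine. The following C++ is an added example, not code from xpdf, poppler or tetex-bin and not the patch under review; the free functions, the structs and the limit of 4 components are assumptions, and the byte layout is the standard JPEG SOF segment.

```cpp
// Added illustration: simplified model, not the DCTStream class itself.
#include <cstddef>
#include <cstdint>

constexpr int kMaxComps = 4;  // assumed capacity of the per-component table

struct CompInfo { int id, hSample, vSample, quantTable; };
struct FrameHeader {
  int width = 0, height = 0, numComps = 0;
  bool progressive = false;
  CompInfo comp[kMaxComps];
};

// Shared parser for the SOF payload (bytes after the 2-byte length field):
// precision(1) height(2) width(2) numComps(1), then 3 bytes per component.
// Both marker handlers call it, so the numComps bound cannot exist in one
// path and be missing from the other.
static bool parseSOF(const uint8_t *p, size_t len, FrameHeader &out) {
  if (len < 6) return false;
  out.height = (p[1] << 8) | p[2];
  out.width = (p[3] << 8) | p[4];
  int n = p[5];
  if (n <= 0 || n > kMaxComps) return false;  // bound before any table write
  if (len < 6 + 3 * static_cast<size_t>(n)) return false;  // truncated segment
  out.numComps = n;
  for (int i = 0; i < n; ++i) {
    const uint8_t *c = p + 6 + 3 * i;
    out.comp[i] = {c[0], c[1] >> 4, c[1] & 0x0f, c[2]};
  }
  return true;
}

bool readBaselineSOF(const uint8_t *p, size_t len, FrameHeader &out) {
  out.progressive = false;
  return parseSOF(p, len, out);
}

bool readProgressiveSOF(const uint8_t *p, size_t len, FrameHeader &out) {
  out.progressive = true;
  return parseSOF(p, len, out);
}

int main() {
  // Constructed header claiming 200 components: both paths must reject it.
  uint8_t bad[6 + 3 * 200] = {8, 0, 16, 0, 32, 200};
  FrameHeader h;
  return (readBaselineSOF(bad, sizeof bad, h) || readProgressiveSOF(bad, sizeof bad, h)) ? 1 : 0;
}
```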