> Hi!
>
> I'm currently preparing Ubuntu security updates for these issues, and
> I noticed that the upstream provided patch is wrong. I sent the mail
> below to upstream (and some others).
>
> Can you please check that you indeed fixed (tetex-bin)/will fix
> (poppler) DCTStream::readProgressiveSOF(), too?
[...]
> It seems that the patch linked from these advisories [1] is a little
> bit flawed: it checks numComps twice in DCTStream::readBaselineSOF(),
> but does not check it in DCTStream::readProgressiveSOF().
We have the same flaw in our upload. Would you be so kind and check the
updated patch at=20
Message-ID: <email address hidden> 1?q?Frank_ K=FCster? = <email address hidden>
Date: Thu, 08 Dec 2005 13:17:50 +0100
From: =?iso-8859-
To: Martin Pitt <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?
Martin Pitt <email address hidden> wrote:
> Hi! :readProgressiv eSOF(), too? :readBaselineSO F(), :readProgressiv eSOF().
>
> I'm currently preparing Ubuntu security updates for these issues, and
> I noticed that the upstream provided patch is wrong. I sent the mail
> below to upstream (and some others).
>
> Can you please check that you indeed fixed (tetex-bin)/will fix
> (poppler) DCTStream:
[...]
> It seems that the patch linked from these advisories [1] is a little
> bit flawed: it checks numComps twice in DCTStream:
> but does not check it in DCTStream:
We have the same flaw in our upload. Would you be so kind and check the
updated patch at=20
http:// svn.debian. org/wsvn/ pkg-tetex/ tetex-bin/ trunk/debian/ patches/ patch-C= 3191+2+ 3?op=3Dfile& rev=3D0& sc=3D0
VE-2005-
I'm completely illerate in C++, and would like to make sure this is
correct.=20=20
Regards, Frank
--=20
Frank K=FCster
Inst. f. Biochemie der Univ. Z=FCrich
Debian Developer