Message-ID: <email address hidden>
Date: Wed, 19 Jan 2005 21:16:27 +0100
From: Martin Schulze <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: Re: Bug#291266: vulnerable to CAN-2005-0064

Joey Hess wrote:
> xpdf is vulnerable to a buffer overflow that can be exploited by
> malicious pdfs to execute arbitrary code. The hole is described here:
> http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false
>
> I've attached a patch that adds bounds checking to close the hole.
For the unstable distribution (sid) this problem has been fixed in version 3.00-12.
It's in Incoming already.
Just FYI.
Regards,
Joey
--
Ten years and still binary compatible. -- XFree86
Please always Cc to me when replying to me on the lists.