Comment 6 for bug 12059

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Wed, 19 Jan 2005 15:55:43 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: Re: Bug#291266: vulnerable to CAN-2005-0064

Martin Schulze wrote:
> Joey Hess wrote:
> > xpdf is vulnerable to a buffer overflow that can be exploited by
> > malicious pdfs to execute arbitrary code. The hole is described here:
> > http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false
> >
> > I've attached a patch that adds bounds checking to close the hole.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 3.00-12.
>
> It's in Incoming already.
>
> Just FYI.
>
> Regards,
>
> Joey
>
> --
> Ten years and still binary compatible. -- XFree86
>
> Please always Cc to me when replying to me on the lists.
>
>
> --
> To UNSUBSCRIBE, email to <email address hidden>
> with a subject of "unsubscribe". Trouble? Contact <email address hidden>.org
>

--
see shy jo
