Martin Schulze wrote:
> Joey Hess wrote:
> > xpdf is vulnerable to a buffer overflow that can be exploited by
> > malicious pdfs to execute arbitrary code. The hole is described here:
> > http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false
> >
> > I've attached a patch that adds bounds checking to close the hole.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 3.00-12.
>
> It's in Incoming already.
>
> Just FYI.
>
> Regards,
>
> Joey
>
> --
> Ten years and still binary compatible. -- XFree86
>
> Please always Cc to me when replying to me on the lists.
>
>
> --
> To UNSUBSCRIBE, email to <email address hidden>
> with a subject of "unsubscribe". Trouble? Contact <email address hidden>.org
>
--
see shy jo
Message-ID: <email address hidden>
Date: Wed, 19 Jan 2005 15:55:43 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: Re: Bug#291266: vulnerable to CAN-2005-0064