tag 342288 patch thanks
Hi!
We found more flaws in upstream's xpdf patch, it checked multiplication overflows *after* the overflow occured, which is not valid.
The current patch
http://patches.ubuntu.com/patches/poppler.CVE-2005-3191_2_3.diff
checks multiplication overflows properly and also adds the two missing numComps checks that are missing in xpdf upstream's patch.
Thanks,
Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?
tag 342288 patch
thanks
Hi!
We found more flaws in upstream's xpdf patch, it checked
multiplication overflows *after* the overflow occured, which is not
valid.
The current patch
http:// patches. ubuntu. com/patches/ poppler. CVE-2005- 3191_2_ 3.diff
checks multiplication overflows properly and also adds the two
missing numComps checks that are missing in xpdf upstream's patch.
Thanks,
Martin www.piware. de www.ubuntu. com www.debian. org
--
Martin Pitt http://
Ubuntu Developer http://
Debian Developer http://
In a world without walls and fences, who needs Windows and Gates?