Comment 12 for bug 26647

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Mon, 12 Dec 2005 11:03:02 +0100
From: Martin Pitt <email address hidden>
To: <email address hidden>
Cc: <email address hidden>
Subject: Ubuntu security patch


tag 342288 patch
thanks

Hi!

We found more flaws in upstream's xpdf patch; it checked
multiplication overflows *after* the overflow occurred, which is not
valid.

The current patch

  http://patches.ubuntu.com/patches/poppler.CVE-2005-3191_2_3.diff

checks multiplication overflows properly and also adds the two
missing numComps checks that are missing in xpdf upstream's patch.

Thanks,

Martin
-- 
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?

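The ordering problem described in the message above, as an added example that is not part of the original message and is not code from the xpdf or poppler patches: a size check done after the multiplication only sees the wrapped product, while a check done before it cannot be bypassed. The function names, the `width`/`ncomps` parameters and the input values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Flawed order: multiply first, then inspect the product. uint32_t is used
 * so the wraparound is well-defined here; with a signed int the overflow
 * itself is undefined behaviour and the compiler may drop the later test. */
static int size_checked_after(uint32_t width, uint32_t ncomps, uint32_t *out)
{
    uint32_t size = width * ncomps;          /* wraps modulo 2^32 */
    if (size == 0 || size > INT32_MAX)       /* sees only the wrapped value */
        return 0;
    *out = size;
    return 1;
}

/* Correct order: prove the product fits before computing it. */
static int size_checked_before(int32_t width, int32_t ncomps, int32_t *out)
{
    if (width <= 0 || ncomps <= 0)
        return 0;
    if (width > INT32_MAX / ncomps)          /* the division cannot overflow */
        return 0;
    *out = width * ncomps;
    return 1;
}

int main(void)
{
    /* Constructed input: 65536 * 65537 = 2^32 + 65536, which wraps to 65536. */
    uint32_t wrapped = 0;
    int32_t safe = 0;
    int a = size_checked_after(65536u, 65537u, &wrapped);
    int b = size_checked_before(65536, 65537, &safe);
    printf("after:  accepted=%d size=%u\n", a, (unsigned)wrapped);
    printf("before: accepted=%d\n", b);
    return 0;
}
```

The post-multiplication check accepts the constructed input with a size of 65536 even though the true product is 4295032832, so a buffer sized from it would be far too small; the pre-multiplication check rejects the same input.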