I'm currently preparing Ubuntu security updates for these issues, and
I noticed that the upstream provided patch is wrong. I sent the mail
below to upstream (and some others).
Can you please check that you indeed fixed (tetex-bin)/will fix
(poppler) DCTStream::readProgressiveSOF(), too?
Thanks,
Martin
----- Forwarded message from Martin Pitt <email address hidden> -----
It seems that the patch linked from these advisories [1] is a little
bit flawed: it checks numComps twice in DCTStream::readBaselineSOF(),
but does not check it in DCTStream::readProgressiveSOF().
It *seems* that KDE spotted and removed the double check in their
kdegraphics patch [2], but unless they removed
DCTStream::readProgressiveSOF() (which could very well be, I didn't
check yet), these patches now have the same flaw.
Message-ID: <email address hidden>
Date: Thu, 8 Dec 2005 12:21:57 +0100
From: Martin Pitt <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Fwd: Re: [vendor-sec] xpdf update - patch wrong?
----- Forwarded message from Martin Pitt <email address hidden> -----
From: Martin Pitt <email address hidden>
To: <email address hidden>, <email address hidden>, Dirk Mueller <email address hidden>
Subject: Re: [vendor-sec] xpdf update - patch wrong?
Mail-Followup-To: <email address hidden>, <email address hidden>,
Dirk Mueller <email address hidden>
Date: Thu, 8 Dec 2005 11:20:37 +0100
Hi Derek, hi Dirk, hi Vendor-Sec!
Josh Bressers [2005-12-06 13:50 -0500]:
> In the event any of you missed this:
>
> http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
> http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities
It seems that the patch linked from these advisories [1] is a little
bit flawed: it checks numComps twice in DCTStream::readBaselineSOF(),
but does not check it in DCTStream::readProgressiveSOF().
It *seems* that KDE spotted and removed the double check in their
kdegraphics patch [2], but unless they removed
DCTStream::readProgressiveSOF() (which could very well be, I didn't
check yet), these patches now have the same flaw.
Thanks,
Martin
[1] ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch
[2] ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdegraphics-CAN-2005-3193.diff
-- 
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?
----- End forwarded message -----
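The flaw described in the forwarded message, shown as an added sketch that is not part of the original mail and is not xpdf's, poppler's or KDE's code: when two sibling frame-header readers each carry their own copy of a bounds check, a patch can harden one and miss the other, so the sketch routes both through one validated helper. `MAX_COMPS = 4`, the struct layout, the helper `readSOF()` and the sample bytes are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>

// Simplified model of a JPEG frame header (SOF) reader. The names and the
// MAX_COMPS value are assumptions for this sketch, not the real source.
constexpr int MAX_COMPS = 4;

struct CompInfo { int id, hSample, vSample, quantTable; };

struct Frame {
    bool progressive = false;
    int width = 0, height = 0, numComps = 0;
    CompInfo comp[MAX_COMPS] = {};
};

// Shared parser for the SOF payload (the bytes after the 2-byte length):
// precision(1) height(2) width(2) numComps(1), then 3 bytes per component.
// Both marker handlers go through it, so the bound cannot be skipped on one path.
static bool readSOF(const uint8_t *p, size_t len, bool progressive, Frame &f) {
    if (len < 6) return false;                                // header too short
    int n = p[5];
    if (n <= 0 || n > MAX_COMPS) return false;                // bound on comp[]
    if (len < 6 + 3 * static_cast<size_t>(n)) return false;   // truncated segment
    f.progressive = progressive;
    f.height = (p[1] << 8) | p[2];
    f.width = (p[3] << 8) | p[4];
    f.numComps = n;
    for (int i = 0; i < n; ++i) {
        const uint8_t *c = p + 6 + 3 * i;
        f.comp[i] = { c[0], c[1] >> 4, c[1] & 0x0f, c[2] };
    }
    return true;
}

bool readBaselineSOF(const uint8_t *p, size_t len, Frame &f) { return readSOF(p, len, false, f); }
bool readProgressiveSOF(const uint8_t *p, size_t len, Frame &f) { return readSOF(p, len, true, f); }

// Constructed inputs: a valid 3-component header and one claiming 5 components.
const uint8_t kGood[] = { 8, 0,16, 0,16, 3, 1,0x22,0, 2,0x11,1, 3,0x11,1 };
const uint8_t kBad[]  = { 8, 0,16, 0,16, 5, 1,0x22,0, 2,0x11,1, 3,0x11,1,
                          4,0x11,1, 5,0x11,1 };

// True when both readers accept kGood and both reject kBad.
bool bothPathsChecked() {
    Frame f;
    return readBaselineSOF(kGood, sizeof kGood, f) && readProgressiveSOF(kGood, sizeof kGood, f)
        && !readBaselineSOF(kBad, sizeof kBad, f) && !readProgressiveSOF(kBad, sizeof kBad, f);
}
```

When reviewing a backported fix of this kind, running the same out-of-range input through every entry point that fills the component array is a quick way to confirm no path was left unchecked.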