[poppler] CVE-2008-2950

Albert Astals Cid aacid at kde.org
Mon Jul 21 15:21:41 PDT 2008

A Dissabte 19 Juliol 2008, Pino Toscano va escriure:
> Hi,
> while randomly digging about Okular and Poppler bugs, I found a Mandriva
> bug: https://qa.mandriva.com/show_bug.cgi?id=42054
> leading to this CVE:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2950
> and to a bug on our bugzilla:
> https://bugs.freedesktop.org/show_bug.cgi?id=16601
> I think to having fixed it with a serie of commits in master[1],
> poppler-0.8[2] and poppler 0.6[3].
> Would be nice it you could check whether all is fine, too.

Thanks man, i was informed before my holiday leave, but i could not add the 
patch until they lifted the "confidentiality" to the issue.

I guess we'll have to release a new version soon although it'll have to wait 
as i have a critical bugfix to do too.


> Thanks,
> [1]
> http://cgit.freedesktop.org/poppler/poppler/commit/?id=3696025977fd345b1276
>7f75a2de6ed7e9467365 [2]
> http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.8&id=fd0bf8
>b05cb155e2f29df31fa01964b12e710b89 [3]
> http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.6&id=75ad03

More information about the poppler mailing list