[poppler] CVE-2009-0146/0147/0166

Albert Astals Cid aacid at kde.org
Sat Aug 1 02:58:57 PDT 2009


A Dissabte, 1 d'agost de 2009, Michael S Gilbert va escriure:
> Hello,
>
> I am triaging the subject CVEs in debian.  Do you have any info or
> links to patches for these CVEs?  Gentoo's [1] and Ubuntu's [2] patch
> sets claim to address these, but it is not entirely clear that this is
> the case (they did not associate the CVE numbers with their code
> changes and there are no patch sets linked from mitre to verify
> against). Thank you for any info you can provide.

CVE is the game of people that make money about bugs, most of the time they 
don't even warn us nor give us PDF to try to reproduce the problems so i 
mostly ignore CVE.

The only CVE i was informed of and we worked to solve was the one that 
resulted in 
http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.10&id=763bfd27a50a9f8176fe112823839549e4498a39
no idea if that's the one you want or not.

Albert

>
> Mike
>
> [1] http://bugs.gentoo.org/show_bug.cgi?id=263028
> [2]
> http://patches.ubuntu.com/by-release/extracted/intrepid-security/p/poppler/
>0.8.7-1ubuntu0.2/64_security_jbig2.patch
> _______________________________________________
> poppler mailing list
> poppler at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/poppler



More information about the poppler mailing list