[poppler] Fwd: Re: CVE-2012-2142 xpdf, poppler: Insufficient sanitization of escape sequences in the error messages
adamreichold at myopera.com
Sat Dec 1 05:35:17 PST 2012
The upstream patch looks small enough. The runtime increase hit should
be close to irrelevant for error handling? Hence, I'd say being a good
citizen sounds like the sensible thing to do.
Best regards, Adam.
On 01.12.2012 02:12, Albert Astals Cid wrote:
> What is your opinion on this, guys?
> Basically the problem seems to be we can "print" in the error
> messages characters that will result in command codes that will
> result in shell terminals executing code.
> I've already told the Red Hat people I consider this to be a shell
> terminal problem not a poppler one, but it doesn't mean we could
> try to "be good citizens" and help.
> Any opinion on the proposed patch for upstream?
> Cheers, Albert
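An added example, not part of the original messages and not the upstream patch: one way an error reporter can neutralize the escape sequences discussed in this thread before text taken from a document reaches a terminal. The function names and the `<xx>` output format are assumptions of this example.

```cpp
#include <cstdio>
#include <string>

// Hypothetical helper (name and "<xx>" format are assumptions of this example).
// Returns a copy of msg in which every byte outside printable ASCII
// (0x20..0x7e) is replaced by a visible hex marker, so ESC (0x1b),
// 8-bit CSI (0x9b), BEL, CR, LF and DEL never reach the terminal raw.
// Trade-off: bytes of multi-byte UTF-8 characters are hex-escaped as well.
std::string sanitizeForTerminal(const std::string &msg)
{
    static const char hex[] = "0123456789abcdef";
    std::string out;
    out.reserve(msg.size());
    for (unsigned char c : msg) {
        if (c >= 0x20 && c < 0x7f) {
            out += static_cast<char>(c);
        } else {
            out += '<';
            out += hex[c >> 4];
            out += hex[c & 0x0f];
            out += '>';
        }
    }
    return out;
}

// Hypothetical error reporter: the fixed part of the message is trusted,
// the detail copied from the parsed file is sanitized before printing.
void reportError(const std::string &untrustedDetail)
{
    std::fprintf(stderr, "Error: %s\n",
                 sanitizeForTerminal(untrustedDetail).c_str());
}

int main()
{
    // Constructed sample: a token from a document that embeds an SGR
    // colour sequence (ESC [ 31 m) inside the text echoed by the error.
    const std::string token =
        std::string("Unknown operator '") + "\x1b[31m" + "'";
    reportError(token); // prints: Error: Unknown operator '<1b>[31m'
    return 0;
}
```

Sanitizing at the single point where messages are written keeps the cost confined to the error path, which is the runtime concern raised in the reply above.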