[poppler] Fwd: Re: CVE-2012-2142 xpdf, poppler: Insufficient sanitization of escape sequences in the error messages
Albert Astals Cid
aacid at kde.org
Fri Nov 30 17:12:33 PST 2012
What is your opinion on this, guys?
Basically the problem seems to be we can "print" in the error messages
characters that will result in command codes that will result in shell
terminals executing code.
I've already told the Red Hat people I consider this to be a shell terminal
problem not a poppler one, but it doesn't mean we could try to "be good
citizens" and help.
Any opinion on the proposed patch for upstream?
Cheers,
Albert
-------------- next part --------------
An embedded message was scrubbed...
From: Jan Lieskovsky <jlieskov at redhat.com>
Subject: Re: CVE-2012-2142 xpdf, poppler: Insufficient sanitization of escape sequences in the error messages
Date: Wed, 14 Nov 2012 11:24:24 -0500
Size: 15540
URL: <http://lists.freedesktop.org/archives/poppler/attachments/20121201/46ad7d60/attachment-0001.mht>
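
The class of fix under discussion, as an added example that is not part of the original message and is not the proposed patch or poppler's own code: text that can be influenced by the input file is made inert before it is written to a terminal. The names sanitizeForTerminal and reportError and the sample string are assumptions made for illustration.

```cpp
#include <cstdio>
#include <string>

// Hypothetical helper (not a poppler function): render every byte outside
// printable ASCII as a visible \xNN escape so a terminal never interprets it.
// This covers ESC (0x1b), the other C0 controls, DEL, and raw 8-bit bytes
// such as 0x9b, which some terminals treat as a single-byte CSI.
std::string sanitizeForTerminal(const std::string &msg)
{
    static const char hex[] = "0123456789abcdef";
    std::string out;
    out.reserve(msg.size());
    for (unsigned char c : msg) {
        if (c == '\\') {
            out += "\\\\"; // escape the escape character so output stays unambiguous
        } else if (c >= 0x20 && c <= 0x7e) {
            out += static_cast<char>(c); // printable ASCII passes through
        } else {
            out += "\\x";
            out += hex[c >> 4];
            out += hex[c & 0x0f];
        }
    }
    return out;
}

// Hypothetical error reporter: only the file-derived detail is sanitized;
// the fixed prefix and the trailing newline come from the program itself.
void reportError(const std::string &detail)
{
    std::fprintf(stderr, "Error: %s\n", sanitizeForTerminal(detail).c_str());
}

int main()
{
    // Constructed sample: a file-derived token carrying ESC [ 2 J (clear screen).
    const std::string detail = "Unknown operator 'q\x1b[2J'";
    reportError(detail); // prints: Error: Unknown operator 'q\x1b[2J'
    return 0;
}
```

Escaping all non-ASCII bytes is a deliberately conservative choice: it also mangles legitimate UTF-8 text, which a production filter would need to decode and validate instead.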