Hi,

In data martedì 12 novembre 2013 23:47:21, hai scritto:
> On Fri, Nov 8, 2013 at 8:32 AM, Moritz Muehlenhoff wrote:
> > Two security issues were found in the pdfseparate tool shipped by 
> > poppler-utils:
> Hi, I've uploaded an nmu fixing these two issue to delayed/5.  Please
> see attached patch.

Unfortunately, one of your patches introduces the same issues it is
supposed to fix:

> +@@ -65,9 +66,37 @@
> +   if (firstPage == 0)
> +     firstPage = 1;
> +   if (firstPage != lastPage && strstr(destFileName, "%d") == NULL) {
> +-    error(-1, "'%s' must contain '%%d' if more than one page should be 
> extracted", destFileName);
> ++    error(-1, "'%s' must contain '%d' if more than one page should be 
> extracted", destFileName);
> +     return false;

error() in poppler < 0.19 takes a printf-like format, so changing from
%%d to %d will make printf expect an int, which is not passed as
argument (and thus a we run into a new format string issue).
For the same reason, also...

> ++  if (p != NULL) {
> ++    error(-1, "'%s' can only contain one '%d' pattern", destFileName);
> ++    free(auxDestFileName);
> ++    return false;
> ++  }

... this error() contains the same issue.

Oh, and btw:

> +poppler (0.18.4-8+nmu1) unstable; urgency=high

The NMU version is wrong, since it is not a native package; it should
have been 0.18.4-8.1 instead, as also DevRef §5.11.2 says (but I see
you spread this wrong versioning when NMUing, so hardly something you
will change...)

-- 
Pino Toscano

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to