Hi, In data martedì 12 novembre 2013 23:47:21, hai scritto: > On Fri, Nov 8, 2013 at 8:32 AM, Moritz Muehlenhoff wrote: > > Two security issues were found in the pdfseparate tool shipped by > > poppler-utils: > Hi, I've uploaded an nmu fixing these two issue to delayed/5. Please > see attached patch.
Unfortunately, one of your patches introduces the same issues it is supposed to fix: > +@@ -65,9 +66,37 @@ > + if (firstPage == 0) > + firstPage = 1; > + if (firstPage != lastPage && strstr(destFileName, "%d") == NULL) { > +- error(-1, "'%s' must contain '%%d' if more than one page should be > extracted", destFileName); > ++ error(-1, "'%s' must contain '%d' if more than one page should be > extracted", destFileName); > + return false; error() in poppler < 0.19 takes a printf-like format, so changing from %%d to %d will make printf expect an int, which is not passed as argument (and thus a we run into a new format string issue). For the same reason, also... > ++ if (p != NULL) { > ++ error(-1, "'%s' can only contain one '%d' pattern", destFileName); > ++ free(auxDestFileName); > ++ return false; > ++ } ... this error() contains the same issue. Oh, and btw: > +poppler (0.18.4-8+nmu1) unstable; urgency=high The NMU version is wrong, since it is not a native package; it should have been 0.18.4-8.1 instead, as also DevRef §5.11.2 says (but I see you spread this wrong versioning when NMUing, so hardly something you will change...) -- Pino Toscano
signature.asc
Description: This is a digitally signed message part.