Hi, In data martedì 12 novembre 2013 23:47:21, hai scritto: > On Fri, Nov 8, 2013 at 8:32 AM, Moritz Muehlenhoff wrote: > > Two security issues were found in the pdfseparate tool shipped by > > poppler-utils: > Hi, I've uploaded an nmu fixing these two issue to delayed/5. Please > see attached patch.
Unfortunately, one of your patches introduces the same issues it is
supposed to fix:
> +@@ -65,9 +66,37 @@
> + if (firstPage == 0)
> + firstPage = 1;
> + if (firstPage != lastPage && strstr(destFileName, "%d") == NULL) {
> +- error(-1, "'%s' must contain '%%d' if more than one page should be
> extracted", destFileName);
> ++ error(-1, "'%s' must contain '%d' if more than one page should be
> extracted", destFileName);
> + return false;
error() in poppler < 0.19 takes a printf-like format, so changing from
%%d to %d will make printf expect an int, which is not passed as
argument (and thus a we run into a new format string issue).
For the same reason, also...
> ++ if (p != NULL) {
> ++ error(-1, "'%s' can only contain one '%d' pattern", destFileName);
> ++ free(auxDestFileName);
> ++ return false;
> ++ }
... this error() contains the same issue.
Oh, and btw:
> +poppler (0.18.4-8+nmu1) unstable; urgency=high
The NMU version is wrong, since it is not a native package; it should
have been 0.18.4-8.1 instead, as also DevRef §5.11.2 says (but I see
you spread this wrong versioning when NMUing, so hardly something you
will change...)
--
Pino Toscano
signature.asc
Description: This is a digitally signed message part.
