Hi! I'm currently preparing Ubuntu security updates for these issues, and I noticed that the upstream provided patch is wrong. I sent the mail below to upstream (and some others).
Can you please check that you indeed fixed (tetex-bin)/will fix (poppler) DCTStream::readProgressiveSOF(), too?

Thanks,

Martin

----- Forwarded message from Martin Pitt <[EMAIL PROTECTED]> -----

From: Martin Pitt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED], Dirk Mueller <[EMAIL PROTECTED]>
Subject: Re: [vendor-sec] xpdf update - patch wrong?
Mail-Followup-To: [EMAIL PROTECTED], [EMAIL PROTECTED], Dirk Mueller <[EMAIL PROTECTED]>
Date: Thu, 8 Dec 2005 11:20:37 +0100

Hi Derek, hi Dirk, hi Vendor-Sec!

Josh Bressers [2005-12-06 13:50 -0500]:
> In the event any of you missed this:
>
> http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
> http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities

It seems that the patch linked from these advisories [1] is a little bit flawed: it checks numComps twice in DCTStream::readBaselineSOF(), but does not check it in DCTStream::readProgressiveSOF().

It *seems* that KDE spotted and removed the double check in their kdegraphics patch [2], but unless they removed DCTStream::readProgressiveSOF() (which could very well be, I didn't check yet), these patches now have the same flaw.

Thanks,

Martin

[1] ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch
[2] ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdegraphics-CAN-2005-3193.diff

--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?

----- End forwarded message -----
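Added example, not part of the original mail and not xpdf, poppler or tetex-bin code: one way to keep a component-count check from being applied to one SOF reader and missed in the other is to put it in a single body parser that both readers call. All function and type names here are hypothetical, `MAX_COMPS` is an assumed table capacity, and the byte layout is the standard JPEG frame header (precision, height, width, component count, then 3 bytes per component).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_COMPS 4 /* assumption: capacity of the fixed per-component table */

typedef struct { uint8_t id, hSample, vSample, quantTable; } CompInfo;
typedef struct { int progressive, width, height, numComps; CompInfo comp[MAX_COMPS]; } FrameInfo;

/* Shared SOF body parser: the component-count bound lives here, so neither
 * entry point can skip it. buf points just past the 2-byte segment length. */
static int read_sof_body(const uint8_t *buf, size_t len, FrameInfo *f)
{
    if (len < 6) return -1;                  /* precision, height, width, count */
    int n = buf[5];
    if (n <= 0 || n > MAX_COMPS) return -1;  /* bound before any comp[] write */
    if (len < 6 + (size_t)n * 3) return -1;  /* truncated component list */
    f->height = (buf[1] << 8) | buf[2];
    f->width = (buf[3] << 8) | buf[4];
    f->numComps = n;
    for (int i = 0; i < n; i++) {
        const uint8_t *c = buf + 6 + 3 * i;
        f->comp[i] = (CompInfo){ c[0], c[1] >> 4, c[1] & 0x0f, c[2] };
    }
    return 0;
}

int read_baseline_sof(const uint8_t *buf, size_t len, FrameInfo *f)
{
    f->progressive = 0;
    return read_sof_body(buf, len, f);
}

int read_progressive_sof(const uint8_t *buf, size_t len, FrameInfo *f)
{
    f->progressive = 1;
    return read_sof_body(buf, len, f);
}

int main(void)
{
    /* Constructed SOF body claiming 5 components, one more than the table holds. */
    const uint8_t bad[] = { 8, 0,16, 0,32, 5, 1,0x11,0, 2,0x11,0, 3,0x11,0, 4,0x11,0, 5,0x11,0 };
    FrameInfo f;
    printf("baseline: %d, progressive: %d\n",
           read_baseline_sof(bad, sizeof bad, &f), read_progressive_sof(bad, sizeof bad, &f));
    return 0;
}
```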