Hi Pino On Mon, Mar 18, 2013 at 02:48:18PM +0100, Pino Toscano wrote: > I've verified the issues, and the situation that I found for current > wheezy+sid (= 0.18.4-5) is the following: > > Alle sabato 2 marzo 2013, Salvatore Bonaccorso ha scritto: > > CVE-2013-1788[0]: > > invalid memory issues > > This applies, but not with all the reported documents. > > > CVE-2013-1789[1]: > > crash in broken documents > > This seems to not apply. > > > CVE-2013-1790[2]: > > uninitialized memory read > > This applies. > > I will backport and test the appropriate fixes for this version of > poppler, and then upload.
Thank you for checking these issues and for preparing the fixes. > Regarding stable, I will do the proper investigation (and eventually > backport fixes as needed) once sid is fixed and the fixed version has > successfully migrated to wheezy; this way I want to reduce the potential > issues. Is that okay for the security team? Yes this sound good for me. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org