On Mon, 2017-03-13 at 13:39 +0100, Mattia Rizzolo wrote:
> I find the Debian view for security issues particularly nice to look
> at:
> https://security-tracker.debian.org/tracker/source-package/libpodofo
Hi,
I made a little walk-through of the CVEs and
https://security-tracker.debian.org/tracker/CVE-2017-6846
references reproducer for CVE-2017-6845, it should be
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h/
instead.
I'm currently at revision 1842 and I cannot reproduce CVE-2017-6841,
CVE-2017-6845, CVE-2017-6846, CVE-2017-6849, CVE-2017-8053 and that
TEMP-0854605-651F03, which end with exception, instead of crashing,
thus I guess they've got fixed meanwhile. I do not get any invalid
read/write from valgrind too. It's possible that my environment doesn't
reproduce for whatever reason, though I had no problem to reproduce
almost all other CVEs locally. It would be great if anyone could
confirm with latest trunk.
Bye,
zyx
--
http://www.litePDF.cz i...@litepdf.cz
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users
