Hello Mattia, hello zyx, hello all, on May 1st, the Debian bug #861597 [1] was filed, mentioning the CVE ID of this PdfParser::ReadObjects heap overflow vulnerability: CVE-2017-8378, under which it's also listed in the Debian security tracker for libpodofo (detail page [2]).
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861597 [2] https://security-tracker.debian.org/tracker/CVE-2017-8378 > Mattia Rizzolo <mat...@mapreri.org> has written on 24. April 2017 at 20:38: > > On Mon, Apr 24, 2017 at 08:20:04PM +0200, zyx wrote: > > > thanks for reporting. It seems to not be filled here yet [1]. > > > > Adding it to [1] would be also nice to have (not a question > > for you, I suppose). > > Would be nice to have a CVE id also. > Could somebody fill https://cveform.mitre.org/ asking for one? Once a > CVE id is published there are people routinely triaging those and adding > to the list in [1]. > > > [1] https://security-tracker.debian.org/tracker/source-package/libpodofo > > -- > regards, > Mattia Rizzolo > > GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''. more about > me: https://mapreri.org : :' : Launchpad user: > https://launchpad.net/~mapreri. ' > > Debian QA page: https://qa.debian.org/developer.php?login=mattia `- > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Podofo-users mailing list > Podofo-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/podofo-users ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Podofo-users mailing list Podofo-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/podofo-users
