Hello all, > Matthew Brincke <ma...@mailbox.org> has written on 8 February 2018 at 00:58: > > > Hello zyx, hello all, > > Matthew Brincke <ma...@mailbox.org> has written on 8 February 2018 at 00:13: > > > > > > Hello zyx, hello all, > > > zyx <z...@gmx.us> has written on 4 February 2018 at 16:10: > > > > > > > > > On Fri, 2018-01-26 at 07:34 +0100, zyx wrote: > > > > I see. It looks like I did something wrong when testing the change. > > > > When trying once again now I can confirm what you see, the change > > > > does > > > > fix the CVE. I do not know what I did wrong the last time, I'm sorry > > > > about that. > > > > > > > > I committed the patch as revision 1872: > > > > http://sourceforge.net/p/podofo/code/1872 > > > > > > Hi, > > > I reverted the main part of the above change, because it causes > > > use-after-free in test/unit/podofo-test, more details below. I left > > > > In the Debian Bug Tracking System [1] Matthias Brinke contributed a patch > > which is a correction for the older one, to fix this bug. Of that patch > > the first hunk is of interest here, the others are either already in, > > tiny mostly-docs changes or would require discussion. > > > > pardon my error, please: it's the second hunk, not the first. It's correct in > the commit which is indeed svn r1882: > http://sourceforge.net/p/podofo/code/1882
please also pardon my (brown paper bag) error in its commit message, the CVE id meant is not CVE-2017-5084 as written, but of course CVE-2017-8054. What should I do (after sleeping first, I suppose ;-) )? Best regards, mabri ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Podofo-users mailing list Podofo-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/podofo-users