Package: libpoppler3
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for poppler.

CVE-2008-2950[0]:
| The poppler PDF rendering library suffers a memory management bug which leads
| to arbitrary code execution.
|
| The vulnerability is present in the Page class constructor/destructor. The
| pageWidgets object is not initialized in the Page constructor if specific
| conditions are met, but it is deleted afterwards in the destructor regardless
| of its initialization.
|
| Specific PDF files can be crafted which allocate arbitrary memory to trigger
| the vulnerability.

This is not yet on the mitre site, in the meantime check out:
http://www.ocert.org/advisories/ocert-2008-007.html

The patch is also available on this website. A new upstream release to fix this is scheduled on July 30th according to the maintainer. Please don't wait until then to upload a fixed package.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2950
    http://security-tracker.debian.net/tracker/CVE-2008-2950

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
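
The defect class described in the CVE text above (a pointer member assigned on only one constructor path but always deleted in the destructor), as an added example that is not part of the original mail and is neither poppler's code nor the upstream patch. The names Widgets, VulnerablePage, FixedPage and the has_annots condition are hypothetical stand-ins; the mail does not state the actual conditions.

```cpp
// Simplified model of the pattern in the advisory; not poppler's code.
#include <cstdio>

struct Widgets {                 // stand-in for the pageWidgets object
    static int live;             // number of Widgets currently allocated
    Widgets()  { ++live; }
    ~Widgets() { --live; }
};
int Widgets::live = 0;

// BEFORE: the member is assigned on one path only, yet always deleted.
// It is never instantiated with has_annots == false in this file, because
// that would be undefined behaviour (delete on an indeterminate pointer).
class VulnerablePage {
    Widgets *pageWidgets;        // no initializer: indeterminate value
public:
    explicit VulnerablePage(bool has_annots) {
        if (has_annots)          // hypothetical condition (assumption)
            pageWidgets = new Widgets();
    }
    ~VulnerablePage() { delete pageWidgets; }
};

// AFTER: the pointer always has a defined value; delete nullptr is a no-op.
class FixedPage {
    Widgets *pageWidgets = nullptr;
public:
    explicit FixedPage(bool has_annots) {
        if (has_annots)
            pageWidgets = new Widgets();
    }
    ~FixedPage() { delete pageWidgets; }
    FixedPage(const FixedPage &) = delete;            // no accidental double delete
    FixedPage &operator=(const FixedPage &) = delete;
    bool has_widgets() const { return pageWidgets != nullptr; }
};

// Builds and destroys a FixedPage on either path; returns Widgets still live.
int live_after_fixed_page(bool has_annots) {
    { FixedPage p(has_annots); }
    return Widgets::live;
}

int main() {
    std::printf("with annots: %d live, without: %d live\n",
                live_after_fixed_page(true), live_after_fixed_page(false));
    return 0;
}
```

Building the "before" class with -Wuninitialized or running it under a memory checker such as valgrind is a practical way to catch this pattern during review.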