24286 2010-10-13 10:46:10 +0400 Multiple vulnerabilities: CVE-2010-3702, CVE-2010-3703, CVE-2010-3704 2010-10-21 08:52:19 +0400 1 1 4 Development Sisyphus poppler unstable all Linux CLOSED FIXED http://secunia.com/advisories/41596/ security P3 blocker --- 1 crux zerg zerg qa-sisyphus oldest_to_newest 113641 0 crux 2010-10-13 10:46:10 +0400 1) An error in "Gfx::getPos()" can be exploited to dereference an uninitialised pointer. 2) An array indexing error exists when parsing Type1 fonts in "FoFiType1::parse()", which can be exploited to corrupt memory via a specially crafted PDF file. 3) Other vulnerabilities are caused due to e.g. memory leak errors, which can be exploited to cause a crash by tricking a user into processing a specially crafted PDF file in an application using the library. Also see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165 Fixed(?) in 0.14.4 114023 1 crux 2010-10-20 09:32:25 +0400 В Sisyphus 0.14.4-alt1. Можно закрывать баг или он ешё нужен в открытом состоянии? 114042 2 zerg 2010-10-20 14:00:19 +0400 В 0.14.4-alt1 исправлено. Я это выяснил уже после отправки на сборку.