Bug 19664 - JBIG2 Processing Multiple Security Vulnerabilities
Summary: JBIG2 Processing Multiple Security Vulnerabilities
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: poppler (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Sergey V Turchin
QA Contact: qa-sisyphus
URL: http://www.securityfocus.com/bid/34568
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-04-18 14:36 MSD by Vladimir Lettiev
Modified: 2009-04-29 14:14 MSD (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2009-04-18 14:36:14 MSD 
CVE-2009-0799 xpdf OOB Read
CVE-2009-0800 xpdf Multiple Input Validation Flaws
CVE-2009-1179 xpdf Integer Overflow
CVE-2009-1180 xpdf Invalid free()
CVE-2009-1181 xpdf NULL dereference DoS
CVE-2009-1182 xpdf MMR Decoder Buffer Overflows
CVE-2009-1183 xpdf MMR Infinite Loop DoS

Апстримом выпущена новая версия 0.10.6 poppler, исправляющая эти проблемы
Comment 1 Mikhail Gusarov 2009-04-18 14:37:27 MSD 
security -> blo
Comment 2 Vladimir Lettiev 2009-04-20 17:05:39 MSD 
Сделал у себя ветку security_fixes, где развернул 0.10.6:
http://git.altlinux.org/people/crux/packages/?p=poppler.git;a=commit;h=5b029c84e30f2028faa4e376e61c79875ae37833
Comment 3 Sergey V Turchin 2009-04-21 12:05:59 MSD 
poppler-0.10.6-alt2
Comment 4 Vladimir Lettiev 2009-04-22 16:42:42 MSD 
ack