Date: Wed, 18 Nov 2009 08:07:53 +0100
From: Thomas Biege <thomas@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: libpoppler4: buffer overflow in the Abiword backend

On Tue, Nov 17, 2009 at 09:27:03AM +0100, Thomas Biege wrote:
> On Wed, Nov 11, 2009 at 08:05:32PM -0500, Josh Bressers wrote:
> > ----- "Thomas Biege" <thomas@...e.de> wrote:
> > > 
> > > Hello everybody,
> > > 
> > > does this need a CVE-ID?
> > > 
> > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534680
> > > 
> > 
> > I presume this does need a CVE id, but seeing as PDF related bugs are often a
> > Pandora's Box, I'd rather not assign one just yet. Has someone looked at this
> > to see what the root of the problem is?
> 
> AFAICS it just affects libpoppler. But version 4 may not be the only
> one with the bug.

Our maintainer told me that versions 3 and 5 are vulnerable too.

-- 
Bye,
     Thomas
-- 
 Thomas Biege <thomas@...e.de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
-- 
  Whoever stops wanting to become better stops being good.
                            -- Marie von Ebner-Eschenbach
