[Bug 224448] poppler appears to be hit by CVE-2007-0104
bugzilla at redhat.com
Fri Aug 1 10:06:07 UTC 2008
Summary: poppler appears to be hit by CVE-2007-0104
https://bugzilla.redhat.com/show_bug.cgi?id=224448
thoger at redhat.com changed:
What              |Removed |Added
----------------------------------------------------------------------------
Status            |NEW     |CLOSED
Fixed In Version  |        |poppler-0.5.9
Resolution        |        |CURRENTRELEASE
------- Additional Comments From thoger at redhat.com 2008-08-01 06:06 EST -------
Looking at the versions we had in Fedora, the problem was present in 0.5.4. Loop
detection is included in 0.5.9. Current stable Fedora versions are based on
0.6.2 (F-8) and 0.8.1 (F-9), hence include the fix.
Btw:
(In reply to comment #6)
> Changelog for poppler-0.5.4-8.fc7 (the same code base) lists explicitly
> CVE-2007-3387 (#248194), CVE-2007-4352 (#345101),
> CVE-2007-5392 (#345111), CVE-2007-5393 (#345121)
> but for poppler-0.6.2-1.fc8 not even that.
IIRC, poppler was re-based to a fixed upstream version in F-8 without fixes for
those being mentioned in the RPM changelog.