[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Bug 224448] poppler appears to be hit by CVE-2007-0104



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: poppler appears to be hit by CVE-2007-0104


https://bugzilla.redhat.com/show_bug.cgi?id=224448


thoger redhat com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
   Fixed In Version|                            |poppler-0.5.9
         Resolution|                            |CURRENTRELEASE




------- Additional Comments From thoger redhat com  2008-08-01 06:06 EST -------
Looking at the versions we had in Fedora, problem was present in 0.5.4.  Loop
detection is included in 0.5.9.  Current stable Fedora versions are based on
0.6.2 (F-8) and 0.8.1 (F-9), hence include the fix.

Btw:

(In reply to comment #6)
> Changelog for poppler-0.5.4-8.fc7 (the same code base) lists explicitely
>   CVE-2007-3387 (#248194), CVE-2007-4352 (#345101),
>   CVE-2007-5392 (#345111), CVE-2007-5393 (#345121)
> but for poppler-0.6.2-1.fc8 not even that.

IIRC, poppler was re-based to fixed upstream version in F-8 without fixes for
those being mentioned in the RPM changelog.


-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]