thr3ads.net - Secure testing team - [Secure-testing-team] Bug#524806 closed by Moritz Muehlenhoff <jmm@inutil.org> (Re: poppler: multiple vulnerabilities) [Nov 2009]

If this information is useful, please help other people find it:
Share via:

Michael Gilbert

2009-Nov-29 20:43 UTC

[Secure-testing-team] Bug#524806 closed by Moritz Muehlenhoff <jmm@inutil.org> (Re: poppler: multiple vulnerabilities)

> This is an automatic notification regarding your Bug report
> which was filed against the poppler package:
>
> #524806: poppler: multiple vulnerabilities
>
> It has been closed by Moritz Muehlenhoff <jmm at inutil.org>.
> On Sun, Apr 19, 2009 at 10:04:52PM -0400, Michael S. Gilbert wrote:
>> package: poppler
>> severity: grave
>> tags: security
>> 
>> hello,
>> 
>> ubuntu recently patched the following poppler issues [0]:
>> 
>> CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0799,
>> CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181,
>> CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188
>
> All these issues are fixed in unstable and Lenny.
>
> There''s only one poppler security still open, for which
I''ll open a
> separate bug.
note that CVE-2009-1187/1188 are not yet fixed in lenny (although they
are just insecure uses of gmalloc).  their urgency could of course be
downgraded (medium now, but i think they could probably be no-dsa).
note that my etch patch does include the fixes for these.  see
[0] for the patches.

mike

[0] http://bugs.gentoo.org/show_bug.cgi?id=263028

Secure testing team - Nov 2009 - Bug#524806 closed by Moritz Muehlenhoff <jmm@inutil.org> (Re: poppler: multiple vulnerabilities)

[Secure-testing-team] Bug#524806 closed by Moritz Muehlenhoff <jmm@inutil.org> (Re: poppler: multiple vulnerabilities)