bug#27621: Poppler's replacement is ABI-incompatible with the original
From: Leo Famulari
Subject: bug#27621: Poppler's replacement is ABI-incompatible with the original
Date: Sun, 9 Jul 2017 21:48:29 -0400
User-agent: Mutt/1.8.3 (2017-05-23)
On Sun, Jul 09, 2017 at 05:25:07PM -0400, Mark H Weaver wrote:
> They did, however, cherry-pick an upstream patch to fix a null pointer
> dereference bug in 0.52.0. I'll look into adding this patch to our
> poppler.
Thanks! Let us know how it goes.
> FWIW, Fedora considers CVE-2017-9775 to be of low severity:
>
> https://access.redhat.com/security/cve/cve-2017-9775
The disclosure on the freedesktop bug tracker [0] says:
"Due to some restrictions in the lines after the bug, an attacker can't
control the values written in the stack so it unlikely this could lead
to a code execution."
So, not great but, if their estimation is right, not that bad either.
[0] https://bugs.freedesktop.org/show_bug.cgi?id=101540