[Technik] [SECURITY] [DSA 1606-1] poppler packages fix execution of arbitrary code
Noèl Köthe
noel at debian.org
Sat Jul 19 22:02:02 CEST 2008
Am Mittwoch, den 09.07.2008, 18:46 +0100 schrieb Steve Kemp:
> Debian Security Advisory DSA-1606-1 security at debian.org
> http://www.debian.org/security/ Steve Kemp
> July 09, 2008 http://www.debian.org/security/faq
>
> Package : poppler
> Vulnerability : programming error
> Problem type : local
> Debian-specific: no
> CVE Id(s) : CVE 2008-1693
> Debian Bug : 476842
poppler auf h01, h02, h03, h04, h51, h52 und h90 aktualisiert.
> For the stable distribution (etch), this problem has been fixed in version
> 0.4.5-5.1etch3.
poppler (0.4.5-5.1etch3) stable-security; urgency=high
* Non-maintainer upload by the security team
* Make sure the CairoFont::create function properly handles embedded
fonts in PDF files to avoid arbitrary code execution
Fixes: CVE-2008-1693
-- Steffen Joeris <white at debian.org> Sun, 06 Jul 2008 14:51:32 +0200
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20080719/2debbef0/attachment.pgp
More information about the Technik
mailing list