Summary: | <app-text/poppler-0.32.0: segmentation fault in XRef::getEntry at XRef.cc:1317 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | reavertm |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1198633 | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 545600, 545680 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2015-03-05 07:54:32 UTC
Fixed since 0.28.0, http://cgit.freedesktop.org/poppler/poppler/commit/?id=d6ea8acbb348fdb43601a963ba5407e933565003

I'd prefer to wait for 0.32.0 (to be released today?) for a sec stabilization since that includes more fuzzing fixes.

(In reply to Andreas K. Hüttel from comment #1)
> Fixed since 0.28.0,
> http://cgit.freedesktop.org/poppler/poppler/commit/
> ?id=d6ea8acbb348fdb43601a963ba5407e933565003
>
> I'd prefer to wait for 0.32.0 (to be released today?) for a sec
> stabilization since that includes more fuzzing fixes.

I'm sure you know but (http://poppler.freedesktop.org/ (viewed today)):

The latest stable release is poppler-0.32.0.tar.xz, released on March 7, 2015:

core:
 * Annotations: Fix rendering of empty BG/BC arrays
 * Splash: Fix wrong colour shown when GouraudTriangleShFill uses a DeviceN colorspace. Bug #89182
 * Splash: Fix use of uninitialized variable in Splash::pipeRun
 * Remove unnecessary check for font validity. Bug #88939
 * Small optimization in GooString::appendfv(). Bug #89096
 * Fix crashes in malformed files

utils:
 * pdftops: Make colorspace optimization an option instead of default
 * pdfseparate: use always an unique instance for PDFDoc for savePageAs

build system:
 * cmake: If extra-cmake-modules is around include the Sanitizers module

(In reply to Andreas K. Hüttel from comment #1)
> Fixed since 0.28.0,
> http://cgit.freedesktop.org/poppler/poppler/commit/
> ?id=d6ea8acbb348fdb43601a963ba5407e933565003
>
> I'd prefer to wait for 0.32.0 (to be released today?) for a sec
> stabilization since that includes more fuzzing fixes.

It's been bumped in the meantime. We can wait a few more days and then stabilize 0.32.0

We need feedback on bug 540132. Once that is handled somehow, we can stabilize

app-text/poppler-0.32.0
app-office/libreoffice-bin-4.3.5.2-r1
app-office/libreoffice-bin-debug-4.3.5.2-r1

Calling a maintainer timeout on the blocker bugs. Arches please stabilize:

Target: ppc64
sci-libs/ogdi-3.2.0_beta2 (bug 413635)

Target: amd64 ppc ppc64 x86
sci-libs/gdal-1.11.1-r3 (bug 540132)

Target: all stable arches
app-text/poppler-0.32.0

Target: amd64 x86
app-office/libreoffice-bin-4.3.5.2-r1
app-office/libreoffice-bin-debug-4.3.5.2-r1

(In reply to Andreas K. Hüttel from comment #5)
> Calling a maintainer timeout on the blocker bugs. Arches please stabilize:
>
> Target: ppc64
> sci-libs/ogdi-3.2.0_beta2 (bug 413635)
>
> Target: amd64 ppc ppc64 x86
> sci-libs/gdal-1.11.1-r3 (bug 540132)
>
> Target: all stable arches
> app-text/poppler-0.32.0
>
> Target: amd64 x86
> app-office/libreoffice-bin-4.3.5.2-r1
> app-office/libreoffice-bin-debug-4.3.5.2-r1

amd64 stable

(In reply to Mikle Kolyada from comment #7)
> amd64 stable

This breaks current stable inkscape (bug 545600). Is it possible to stabilize media-gfx/inkscape-0.48.5-r1 as well?

Stable for HPPA.

x86 stable

arm stable

alpha stable

ia64 stable

ppc64 stable

ppc stable

sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Cleanup done

Arches and Maintainer(s), Thank you for your work.

This issue was resolved and addressed in GLSA 201611-15 at https://security.gentoo.org/glsa/201611-15 by GLSA coordinator Aaron Bauman (b-man).