[Secure-testing-team] Bug#524806 closed by Moritz Muehlenhoff <jmm at inutil.org> (Re: poppler: multiple vulnerabilities)
Michael Gilbert
michael.s.gilbert at gmail.com
Sun Nov 29 20:43:01 UTC 2009
> This is an automatic notification regarding your Bug report
> which was filed against the poppler package:
>
> #524806: poppler: multiple vulnerabilities
>
> It has been closed by Moritz Muehlenhoff <jmm at inutil.org>.
> On Sun, Apr 19, 2009 at 10:04:52PM -0400, Michael S. Gilbert wrote:
>> package: poppler
>> severity: grave
>> tags: security
>>
>> hello,
>>
>> ubuntu recently patched the following poppler issues [0]:
>>
>> CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0799,
>> CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181,
>> CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188
>
> All these issues are fixed in unstable and Lenny.
>
> There's only one poppler security still open, for which I'll open a
> separate bug.
note that CVE-2009-1187/1188 are not yet fixed in lenny (although they
are just insecure uses of gmalloc). their urgency could of course be
downgraded (medium now, but i think they could probably be no-dsa).
note that my etch patch does include the fixes for these. see
[0] for the patches.
mike
[0] http://bugs.gentoo.org/show_bug.cgi?id=263028
More information about the Secure-testing-team
mailing list