List: oss-security
Subject: Re: [oss-security] Re: ghostscript CVE for multiple NULL dereferences in JBIG2 decoder
From: Oden Eriksson <oeriksson () mandriva ! com>
Date: 2009-10-29 11:18:21
Message-ID: 200910291218.21686.oeriksson () mandriva ! com
On Wednesday 28 October 2009 13.58.56, Mark J Cox wrote:
> > The same PoC crashes xpdf. I'm not aware of any CVE id being assigned for
> > this issue other than the one for Adobe Reader.
>
> So I've deliberately not allocated one because we generally do not
> consider a crash of a user application like a PDF reader to be a security
> issue. However CVE does have a few cases where CVE names were allocated
> for such cases, so if any vendor here is going to treat this as a security
> issue let me know and I'll allocate a name for tracking purposes.
>
> Thanks, Mark
>
I was actually planning to but as currently done in cooker where jbig2dec is
broken out in a new jbig2dec-0.10 package (with the patch applied). This makes
it easier for future borkiness. This was also done with jasper earlier for the
same reason.
--
Regards // Oden Eriksson