Debian Bug report logs -
#518478
several crashes (DoS)
Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>
Date: Fri, 6 Mar 2009 13:36:01 UTC
Severity: important
Tags: patch, security
Found in version poppler/0.8.7-1
Fixed in version 0.10.4-1
Done: Jakub Wilk <jwilk@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Loic Minier <lool@dooz.org>:
Bug#518478; Package libpoppler3.
(Fri, 06 Mar 2009 13:36:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Loic Minier <lool@dooz.org>.
(Fri, 06 Mar 2009 13:36:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: libpoppler3
Version: 0.8.7-1
Severity: important
Tags: patch, security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for poppler.
CVE-2009-0756[0]:
| The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4
| allows remote attackers to cause a denial of service (crash) via a PDF
| file that triggers a parsing error, which is not properly handled by
| JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory
| dereference.
CVE-2009-0755[1]:
| The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4
| allows remote attackers to cause a denial of service (crash) via a PDF
| file with an invalid Form Opt entry.
I don't see any arbitrary code execution happening here, so the impact
is certainly not critical. I've taken the two patches for the CVEs from
upstream's changelog. I also included another patch, which claims to
fix a crash, maybe you want to have a look at it.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0756
http://security-tracker.debian.net/tracker/CVE-2009-0756
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755
http://security-tracker.debian.net/tracker/CVE-2009-0755
[CVE-2009-0755.dos (text/plain, attachment)]
[CVE-2009-0756.dos (text/x-c++, attachment)]
[other-crash (text/x-c++, attachment)]
Bug reassigned from package 'libpoppler3' to 'libpoppler4'.
Request was from Marco Rodrigues <gothicx@sapo.pt>
to control@bugs.debian.org.
(Sun, 02 Aug 2009 09:33:06 GMT) (full text, mbox, link).
Bug No longer marked as found in versions poppler/0.8.7-1.
Request was from Marco Rodrigues <gothicx@sapo.pt>
to control@bugs.debian.org.
(Sun, 02 Aug 2009 09:33:07 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Loic Minier <lool@dooz.org>:
Bug#518478; Package libpoppler4.
(Sun, 02 Aug 2009 09:51:14 GMT) (full text, mbox, link).
Acknowledgement sent
to Marco Rodrigues <gothicx@sapo.pt>:
Extra info received and forwarded to list. Copy sent to Loic Minier <lool@dooz.org>.
(Sun, 02 Aug 2009 09:51:16 GMT) (full text, mbox, link).
Message #14 received at 518478@bugs.debian.org (full text, mbox, reply):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi!
Looks like it still has problems in etch.
http://security-tracker.debian.net/tracker/CVE-2009-0756
Bug reassigned to libpoppler4.
- --
Marco Rodrigues
http://Marco.Tondela.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAEBCAAGBQJKdV34AAoJENDqNB6bSPIzG2cP/0XsBU+WooVWHHTiqfFbkYFS
m2hVxgSxKJl58qaMm4IzV26zCP/9izWrCzYrTD5dXFocF3V6tEHopC2xDMHJ6VmE
cA5eQajZSl3NQFm0EQLYjMPzvyixG788zbboIJmzwKIgCCyB8imS9Egz/pyCFWf7
2B8aLbhj66ciX9IP1Bg0IppCPtPeG1FRgnHJ5kQdEgLhmREcyR3ZmvfZwBQ1egc3
mz3wOaEwGFb04LAueoGPxOVdlzynTBNRpxGL7zjdw4ljN1c3pL8sHqvOEInEe+eO
xhiPmqx59/D7MN6bFtHBXrO06YDpN5CJtvUdeeJajPeKWu7mQ9KyynaPuLz9Q5qP
5/VlmiHqapBVfXG8WKTbfi1l9cyMl80U8TaEZtbtLAZP6AXzXsHwMcbzK90GaY/a
1G68M/c9UlUTvGiiPxO8dHdXsRFlqFiEeunCobLOKuplGQaFNiNVE1giv4Nam7j6
Awfw2YEMZygD9TkQGHH+BnhhLQV/lhsD3y1qFMwyceHl7CPHtzayJOeR8eAwYKm0
Jxu+nNkk6+FkAqliA9BZ0WOCIf6AzGm7qAylG4FCcHFc/jXx35gvgSvFKqvTZxPK
uTYuyi+WOd/UaMwgV4KVZHr9pH00opyB7QK7cXm1DPsQTiOi+HMk/AaIcHiltCdk
WrbG1SAfpxTeZohLNV5g
=Vaat
-----END PGP SIGNATURE-----
Bug Marked as found in versions poppler/0.8.7-1.
Request was from Jakub Wilk <jwilk@debian.org>
to control@bugs.debian.org.
(Fri, 05 Feb 2010 22:33:16 GMT) (full text, mbox, link).
Reply sent
to Jakub Wilk <jwilk@debian.org>:
You have taken responsibility.
(Sat, 06 Feb 2010 12:42:07 GMT) (full text, mbox, link).
Notification sent
to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer.
(Sat, 06 Feb 2010 12:42:07 GMT) (full text, mbox, link).
Message #23 received at 518478-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Version: poppler/0.10.4-1
The bug was fixed upstream in poppler 0.10.4.
--
Jakub Wilk
[signature.asc (application/pgp-signature, inline)]
Bug Marked as fixed in versions 0.10.4-1.
Request was from Jakub Wilk <jwilk@debian.org>
to control@bugs.debian.org.
(Sat, 06 Feb 2010 13:09:06 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 07 Mar 2010 07:41:18 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:17:11 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon