Bug 101062

Summary: Vulnerability discovered in Poppler PDF
Product: poppler Reporter: regiwils
Component: generalAssignee: poppler-bugs <poppler-bugs>
Status: RESOLVED MOVED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description regiwils 2017-05-16 15:30:20 UTC
Hello, 
The Cisco Talos team found a security vulnerability impacting Poppler PDF customers. As this is a sensitive security issue, this report is to request a PGP key for further communication. Please acknowledge receipt of this email so we can confirm we have the right system for reporting security issues with Poppler PDF.
Comment 1 Albert Astals Cid 2017-05-16 21:02:37 UTC
Any reason you decided to open a new bug instead of following up my question at https://bugs.freedesktop.org/show_bug.cgi?id=100855 or the email at https://lists.freedesktop.org/archives/poppler/2017-April/012197.html ?

>  Please acknowledge receipt of this email so we can confirm we have the right system for reporting security issues with Poppler PDF.

We have acknowledged your emails twice, it's you that seem to have problems following up.
Comment 2 Jose Aliste 2017-05-16 21:04:59 UTC
Albert, I already have the three CVE reports with a testcase. Since these are private yet we cannot upload here, unless we mark this bug as private.
Comment 3 GitLab Migration User 2018-08-21 10:38:25 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/poppler/poppler/issues/301.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.