| Summary: | CVE-2009-0791 - multiple integer overflows | ||
|---|---|---|---|
| Product: | poppler | Reporter: | Gabriel Burt <gabriel.burt> |
| Component: | general | Assignee: | poppler-bugs <poppler-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | medium | ||
| Version: | unspecified | ||
| Hardware: | Other | ||
| OS: | All | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
| Attachments: | Patch against poppler 0.10.1 | ||
|
Description
Gabriel Burt
2010-01-14 11:36:14 UTC
Created attachment 32641 [details] [review] Patch against poppler 0.10.1 This patch was written by Bin Li <bili@novell.com> 0.10.1 is old, we are at 0.12.3 already and that CVE was already fixed, what's the point of this report? Ok, I didn't see any mention of CVE-2009-0791 in the git log or the release notes. Can you point me to where I could have found out this CVE was already fixed? The point of the patch is to share a downstream patch that, if the bug wasn't already apparently fixed, might be useful for fixing it in master. There is no mention, i don't care much about CVE, i just fix the code and that's all. In my opinion CVEs are just a way to make money about bugs in programs. Of course you could have had a look at the code, but you preferred me to loose my time instead of you losing it. And hoping a patch of a release that is 15 months old will still apply is in my opinion hoping too much :D Sharing is good, but not 15 months after. |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.