[Secure-testing-commits] r11832 - in data: . CVE
Raphael Geissert
atomo64+debian at gmail.com
Wed May 13 20:54:56 UTC 2009
Hi,
Nico Golde wrote:
> Hi,
> * Raphael Geissert <atomo64-guest at alioth.debian.org> [2009-05-07 17:34]:
>> Author: atomo64-guest
>> Date: 2009-05-07 15:06:47 +0000 (Thu, 07 May 2009)
>> New Revision: 11832
>>
>> Modified:
>> data/CVE/list
>> data/embedded-code-copies
>> Log:
>> swfpdf embeds xpdf -- round one
>
> did you verify the vulnerabilities affect swftools in the
> way they make use of the code or is this just an add because
> of the embedded copy?
I checked by looking for the vulnerable code, but since swftools use the
embedded copy for its pdf2swf converter, I expect it to be vulnerable to
most of the vectors. Take a look at scribd.com to see what it does to pdfs.
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
More information about the Secure-testing-commits
mailing list