Bug#1074146: Confirmation that Poppler's CVE-2024-6239 affects Buster and all subsequent releases

John Scott jscott at posteo.net
Sun Jun 23 21:45:44 BST 2024


Control: found -1 poppler/0.71.0-5+deb10u3
Control: found -1 poppler/20.09.0-3.1+deb11u1
Control: found -1 poppler/22.12.0-2
Control: found -1 poppler/24.06.0-2

Since I couldn't find detailed information from upstream, I'd like to confirm that I was able to reproduce the crash on Buster, Bullseye, Bookworm, and experimental, and so the Security Tracker information is accurate. I am therefore updating the bug to indicate this as a courtesy to BTS users.

Please note that the vulnerable code and its fix are exclusive to the pdfinfo utility in the poppler-utils binary package; the library is not affected. It might be helpful if this bug were assigned to that binary package, but it's not my place to make that determination. I don't maintain this package, but do pitch in occasionally and keep a close eye on it.

Thanks and please let me know if I can be of any assistance.
-- 
🌐 Homepage https://johnscott.me
🪪 Contact info
	• as a vCard: https://johnscott.me/me/me.vcf
	• as an LDAP directory entry: ldap://johnscott.me/CN=John%20Scott,DC=johnscott,DC=me