guix-devel

Re: [PATCH] gnu: mupdf: Fix CVE-2016-8674.


From: Marius Bakke
Subject: Re: [PATCH] gnu: mupdf: Fix CVE-2016-8674.
Date: Wed, 26 Oct 2016 07:11:29 +0100
User-agent: Notmuch/0.23.1 (https://notmuchmail.org) Emacs/25.1.1 (x86_64-unknown-linux-gnu)

Kei Kebreau <address@hidden> writes:

> Is it frowned upon to revert that commit on its own (it's the third to
> last commit as I write this), or should I attempt to patch on top of it?

I've modified the patch to apply to 1.9a, but it was far from trivial
due to many context changes in upstream git. The attached patch makes
mupdf build at least, and viewing PDF still works...

The interdiff is rather unintelligible, so to verify this you should
compare the final patch with the 1.9a sources.

Ideally we should try and reproduce this vulnerability (and others!)
after applying this patch, but I don't know how to use AFL.

Another option is to simply package up the git version, as there appear
to be no users of mupdf in the tree.

WDYT, is this patch safe?

Attachment: signature.asc
Description: PGP signature

Attachment: 0001-gnu-mupdf-Modify-CVE-2016-8674-patch-to-apply-to-1.9.patch
Description: Text Data

