From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: bug#27519: Podofo security bugs
Date: Wed, 28 Jun 2017 11:49:23 -0400
Message-ID: <20170628154923.GA12428@jasmine.lan>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="RnlQjJ0d97Da+TV1"
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41475)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dQFED-0006Ao-Gq
	for bug-guix@gnu.org; Wed, 28 Jun 2017 11:50:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dQFEA-00073d-FB
	for bug-guix@gnu.org; Wed, 28 Jun 2017 11:50:05 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:40132)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1dQFEA-00073V-BO
	for bug-guix@gnu.org; Wed, 28 Jun 2017 11:50:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dQFEA-0006tS-4B
	for bug-guix@gnu.org; Wed, 28 Jun 2017 11:50:02 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.27519.B.149866497926458@debbugs.gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41292)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1dQFDd-0005ob-Mq
	for bug-guix@gnu.org; Wed, 28 Jun 2017 11:49:30 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1dQFDa-0006nU-Je
	for bug-guix@gnu.org; Wed, 28 Jun 2017 11:49:29 -0400
Received: from out5-smtp.messagingengine.com ([66.111.4.29]:41227)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <leo@famulari.name>) id 1dQFDa-0006mc-4F
	for bug-guix@gnu.org; Wed, 28 Jun 2017 11:49:26 -0400
Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70])
	by mail.messagingengine.com (Postfix) with ESMTPA id 75A0E24253
	for <bug-guix@gnu.org>; Wed, 28 Jun 2017 11:49:24 -0400 (EDT)
Content-Disposition: inline
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: 27519@debbugs.gnu.org


--RnlQjJ0d97Da+TV1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

There were some bugs with security implications reported in Podofo
recently:

http://seclists.org/oss-sec/2017/q2/0
http://seclists.org/oss-sec/2017/q2/1
http://seclists.org/oss-sec/2017/q2/2

I noticed some fixes committed to the Podofo SVN repo:

https://sourceforge.net/p/podofo/mailman/podofo-svn/?viewmonth=201706

We need to try to cherry-pick these fixes.

--RnlQjJ0d97Da+TV1
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAllT0AMACgkQJkb6MLrK
fwg8fRAA3RzF2Nj4dXSacUGlHu/mxEFtsutaFgPo4HCq+g6hURu/VJj+IXkG4+dQ
w8Fbbl4X+SAP8/AZ7kgRlCaE1KFb6DN6UIrCi5b8vxLPUywgdEyRH4z19Mm5bfeq
EWzg2nuAF8gwbP3Esf10SJ4FRDMFdfpHKZfd28epWLm/AFAmv1uXNUJKZKEFntew
7mpQiO8xA4Z+BTzqQF9OmfVc8PZChqiFvUbVYGbfsel8qVahkefkkzh2oKACpw1C
Btgni5twMNo0TesO6F4KoAmC7fDf+835AxMaqHSU4WBIQYIlYfIA9IAymPWhso3W
ZDQfHL2ZtCA1Gl4vSiQ93RSZhuHPnHyAx2TZrb458Dkg3pR+mthlAs41pZx260sI
EDyx8vmG4ux9UvhAf2yNxXQuA0jQuZKnNv18VNiXcH1fyswv4VDuVrlwiGDQ3fvZ
R4preuX5mvk9aPt1/J+LHq94Bz9p8fGWat3aDOJydccek3V5OVRT6LButsTYJXND
bkG7ueHErRL3C6y1TLziTI0OTFSMHoIONAbOCFtTJsTWhEO9+etEBcLMWMYImcvP
RJto+tuwclGutAz9PVQGXZYUIL+5sJzk8b90rxlHRPJshWG8NYLY0HFVXlI2dHTR
IndB1y+fJmFI8gy6deAmNb/0oCkHvCEaVk3M7y4KxM1hpJfu2DA=
=Mozw
-----END PGP SIGNATURE-----

--RnlQjJ0d97Da+TV1--