On Thu, Dec 07, 2006 at 10:12:14PM +0100, Loïc Minier wrote: > Thanks for the bug and the patch! I had flagged the Ubuntu security > notice, but didn't have time to upload it yet.
Okay, great. I wanted to make sure all the upstreams had the bug recorded, just in case. :) The Gnome report is here: http://bugzilla.gnome.org/show_bug.cgi?id=383485 > I saw that you updated 0.4 and 0.6, but not 0.1; perhaps you do not > ship evince 0.1 anymore, but if you do, do you know whether is it > affected? The earliest supported evince in Ubuntu is 0.4. As far as I can tell, if ps/ps.c exists in the codebase, it's vulnerable. (Since that file was embedded from a vulnerable version of gv.) Thanks! -- Kees Cook @outflux.net
