A vulnerability has been discovered in SumatraPDF, which can potentially be exploited by malicious people to compromise a user's system.
Score: 2463 Posts: 3,348 User Since: 19th Dec 2007 System Score: N/A Location: N/A
You may not be aware that this sub-forum is reserved for technical discussion of a particular Secunia Advisory. Your question really falls outside those limits, however a similar question has been answered by Secunia support in this thread :-
Score: 13 Posts: 9 User Since: 28th Apr 2011 System Score: N/A Location: AQ Last edited on 20th Jun, 2011 04:11
Ok, I've taken this a little farther, because I noticed just as I was about to close the page that there's a vague, undated, unversioned note that this is/was 'fixed in the latest prerelease version'.
Since I know Sumatra issues pre-releases nearly daily, having helped them on another bug, I went looking for when they might have fixed this, or been able to receive a new MuPDF library which contained the fix.
Note this was from last August, though it does sound suspiciously like it may be the actual fix, just carefully not noted as a security issue.
Thus we may presume Sumatra picked up a revised library long ago, and that this bug is fixed.
Or not? Equally possible I would say.
If Secunia knows as it states above on this page that a fix was done, may we have a date? And can you please assure whether the current Sumatra 1.6, released a week or two ago, has the fix?
If it does, it would also be nice if Secunia would properly do two things:
1. Give proper Secure Browsing score, not implicating Sumatra
2. Actually show Sumatra as a Security hazard itself, if it is.
Maybe this is the root of the whole problem here. Secunia is saying Sumatra 1.6 is fine, as a program. However, Secunia is saying Sumatra is very much not fine as an application used by browsers, and marking all my browsers as bad because they will open PDFs with Sumatra.
It looks likely that the real error is in Secunia's incongruent rules on this, doesn't it?
p.s. I made an error mentioning Sumatra 1.5 in the above posting: current version, on which Secunia is reporting for me, is 1.6
Score: 13 Posts: 9 User Since: 28th Apr 2011 System Score: N/A Location: AQ Last edited on 21st Jun, 2011 04:13
Do you realize:
1. Secunia reports SumatraPDF 1.6 as 'patched' and with no vulnerabilities
2. Secunia however also reports all browsers are unsafe, because they would open PDFs with Secunia?
Thus Secunia is at fault. Not me, and not Sumatra.
I must say that you are exceptionally rude in your behaviour, in refusing to respond to detailed technical investigation, which discloses Secunia's problem on this technical issue which is entirely on subject for the vulnerability.
And hiding behind a demotion system.
You are speaking to an adult here. I spent my time to work out the real problem you are having, in false reporting by your application. Please respond in kind.