Back to poppler PTS page

Accepted poppler 0.4.2-1.1 (source i386)

To: debian-devel-changes@lists.debian.org
Subject: Accepted poppler 0.4.2-1.1 (source i386)
From: Frank KÃster <frank@debian.org>
Date: Sat, 24 Dec 2005 01:32:07 -0800
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1Eq5l1-0000QP-3j@spohr.debian.org>
Reply-to: debian-devel@lists.debian.org
Sender: Archive Administrator <katie@ftp-master.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 23 Dec 2005 16:36:30 +0100
Source: poppler
Binary: libpoppler-glib-dev libpoppler0c2-qt libpoppler-qt-dev libpoppler-dev libpoppler0c2-glib libpoppler0c2
Architecture: source i386
Version: 0.4.2-1.1
Distribution: unstable
Urgency: high
Maintainer: Changwoo Ryu <cwryu@debian.org>
Changed-By: Frank KÃ¼ster <frank@debian.org>
Description: 
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-qt-dev - PDF rendering library -- development files (Qt interface)
 libpoppler0c2 - PDF rendering library
 libpoppler0c2-glib - PDF rendering library (GLib-based shared library)
 libpoppler0c2-qt - PDF rendering library (Qt-based shared library)
Closes: 342288
Changes: 
 poppler (0.4.2-1.1) unstable; urgency=high
 .
   * SECURITY UPDATE: Multiple integer/buffer overflows.
 .
   * NMU to fix RC security bug (closes: #342288)
   * Add debian/patches/04_CVE-2005-3191_2_3.patch taken from Ubuntu,
     thanks to Martin Pitt:
   * poppler/Stream.cc, DCTStream::readBaselineSOF(),
     DCTStream::readProgressiveSOF(), DCTStream::readScanInfo():
     - Check numComps for invalid values.
     - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
     - CVE-2005-3191
   * poppler/Stream.cc, StreamPredictor::StreamPredictor():
     - Check rowBytes for invalid values.
     - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
     - CVE-2005-3192
    * poppler/JPXStream.cc, JPXStream::readCodestream():
      - Check img.nXTiles * img.nYTiles for integer overflow.
      - http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities
      - CVE-2005-3193
Files: 
 fa5985bf510c5dc3793156b056cc78a4 1750 devel optional poppler_0.4.2-1.1.dsc
 384879819f5e5dca860ddb639729bc86 5859 devel optional poppler_0.4.2-1.1.diff.gz
 0247cf16c73b8b62ef757d96daf30897 432912 libs optional libpoppler0c2_0.4.2-1.1_i386.deb
 beaa0aa70ca97108c1b997c1cb14cd79 578472 libdevel optional libpoppler-dev_0.4.2-1.1_i386.deb
 78fc2dcc40d9e3c35a75248dcdac06f3 38076 libs optional libpoppler0c2-glib_0.4.2-1.1_i386.deb
 c5234e6480d01d1598de712269db17d8 41794 libdevel optional libpoppler-glib-dev_0.4.2-1.1_i386.deb
 a1c780d7a092ae6c0981c3d6ae670d60 26566 libs optional libpoppler0c2-qt_0.4.2-1.1_i386.deb
 48fafdd9dea81ca896648aa27dc57539 27540 libdevel optional libpoppler-qt-dev_0.4.2-1.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDrB+T+xs9YyJS+hoRAkGeAKCGNO5wdGYnEkfuL1m1R5jwVgpeyACgjjbu
pxGJG86s2jzHK+Gk5h/6WcM=
=sW6p
-----END PGP SIGNATURE-----


Accepted:
libpoppler-dev_0.4.2-1.1_i386.deb
  to pool/main/p/poppler/libpoppler-dev_0.4.2-1.1_i386.deb
libpoppler-glib-dev_0.4.2-1.1_i386.deb
  to pool/main/p/poppler/libpoppler-glib-dev_0.4.2-1.1_i386.deb
libpoppler-qt-dev_0.4.2-1.1_i386.deb
  to pool/main/p/poppler/libpoppler-qt-dev_0.4.2-1.1_i386.deb
libpoppler0c2-glib_0.4.2-1.1_i386.deb
  to pool/main/p/poppler/libpoppler0c2-glib_0.4.2-1.1_i386.deb
libpoppler0c2-qt_0.4.2-1.1_i386.deb
  to pool/main/p/poppler/libpoppler0c2-qt_0.4.2-1.1_i386.deb
libpoppler0c2_0.4.2-1.1_i386.deb
  to pool/main/p/poppler/libpoppler0c2_0.4.2-1.1_i386.deb
poppler_0.4.2-1.1.diff.gz
  to pool/main/p/poppler/poppler_0.4.2-1.1.diff.gz
poppler_0.4.2-1.1.dsc
  to pool/main/p/poppler/poppler_0.4.2-1.1.dsc