Back to poppler PTS page

Accepted poppler 0.48.0-2+deb9u1 (source) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted poppler 0.48.0-2+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
From: santiagorr@riseup.net (Santiago R.R.)
Date: Fri, 09 Feb 2018 23:48:42 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1ekIPK-0005Al-C9@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 02 Dec 2017 07:33:40 +0100
Source: poppler
Binary: libpoppler64 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0v5 libpoppler-cpp-dev poppler-utils poppler-dbg
Architecture: source
Version: 0.48.0-2+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Loic Minier <lool@dooz.org>
Changed-By: Santiago R.R. <santiagorr@riseup.net>
Description:
 gir1.2-poppler-0.18 - GObject introspection data for poppler-glib
 libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface)
 libpoppler-cpp0v5 - PDF rendering library (CPP shared library)
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface
 libpoppler-glib8 - PDF rendering library (GLib-based shared library)
 libpoppler-private-dev - PDF rendering library -- private development files
 libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library)
 libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface)
 libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library)
 libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface)
 libpoppler64 - PDF rendering library
 poppler-dbg - PDF rendering library -- debugging symbols
 poppler-utils - PDF utilities (based on Poppler)
Changes:
 poppler (0.48.0-2+deb9u1) stretch-security; urgency=medium
 .
   * Fix CVE-2017-9406: a memory leak vulnerability was found in the function
     gmalloc in gmem.cc, which allows attackers to cause a denial of service
     via a crafted file.
   * Fix CVE-2017-9408: memory leak in the function Object::initArray in
     Object.cc that allows attackers to cause a DoS via a crafted file.
   * Fix CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo that
     allows remote attackers to cause a denial of service (application crash)
     via a crafted PDF document.
   * Fix CVE-2017-9776: Integer overflow leading to Heap buffer overflow in
     JBIG2Stream.cc in pdftocairo allows remote attackers to cause a denial of
     service (application crash) or possibly have unspecified other impact via a
     crafted PDF document.
   * Fix CVE-2017-9865: The function GfxImageColorMap::getGray in GfxState.cc
     allows remote attackers to cause a denial of service (stack-based buffer
     over-read and application crash) via a crafted PDF document
   * Fix CVE-2017-14517: NULL pointer dereference vulnerability in the
     XRef::parseEntry() function in XRef.cc
   * Fix CVE-2017-14518: Floating point exception in the
     isImageInterpolationRequired() function in Splash.cc
   * Fix CVE-2017-14519: A memory corruption may occur in a call to
     Object::streamGetChar
   * Fix CVE-2017-14520: Floating point exception in Splash::scaleImageYuXd()
   * Fix CVE-2017-14617: Floating point exception in the ImageStream class in
     Stream.cc
   * Fix CVE-2017-14975: NULL pointer dereference vulnerability in the
     FoFiType1C::convertToType0 function in FoFiType1C.cc
   * Fix CVE-2017-14976: Heap-based buffer over-read vulnerability in the
     FoFiType1C::convertToType0 function in FoFiType1C.cc
   * Fix CVE-2017-14977: NULL pointer dereference vulnerability in the
     FoFiTrueType::getCFFBlock function in FoFiTrueType.cc
   * Fix CVE-2017-15565: NULL Pointer Dereference in the
     GfxImageColorMap::getGrayLine() function in GfxState.cc
Checksums-Sha1:
 70284b3cd45a5cc2ea0b1bf8977ccfd52799ee86 3408 poppler_0.48.0-2+deb9u1.dsc
 d635f326c28d87feee2d6012a4819c44c21154f0 1684164 poppler_0.48.0.orig.tar.xz
 29ad2f3b85a76f16df2a63612e10a5198ae3a19b 38520 poppler_0.48.0-2+deb9u1.debian.tar.xz
 aeecfe62f7a0228aebf4502424ce484ac80685d3 13694 poppler_0.48.0-2+deb9u1_source.buildinfo
Checksums-Sha256:
 cfb37b36f968c82c85ecd8dcdd3f878d94f7fe990bd3bddaf52f9861e4700da1 3408 poppler_0.48.0-2+deb9u1.dsc
 85a003968074c85d8e13bf320ec47cef647b496b56dcff4c790b34e5482fef93 1684164 poppler_0.48.0.orig.tar.xz
 2a3ceea5752b7ac302ed1175f2109e6322cfde51441308fda148e4e8460186e1 38520 poppler_0.48.0-2+deb9u1.debian.tar.xz
 a958edc4c18cb4ead203d3c33b8b76916753ec876a5cafd17285d2711a817a58 13694 poppler_0.48.0-2+deb9u1_source.buildinfo
Files:
 43768267cdc73de5aca920ddce250a9f 3408 devel optional poppler_0.48.0-2+deb9u1.dsc
 8d61c91cb9e99ad38bba1b0b4432f174 1684164 devel optional poppler_0.48.0.orig.tar.xz
 6776c6a44c97451fefb1a788175b95f6 38520 devel optional poppler_0.48.0-2+deb9u1.debian.tar.xz
 90fb1bc947cb1c410b23508d8963175d 13694 devel optional poppler_0.48.0-2+deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEwUqnBPVvaa0NAVzHFX/a4RXx4q0FAlpG7tQACgkQFX/a4RXx
4q319RAAp57YXiZZFtnAi8gg5ui2n4wf0TGEAxhP4VebgBR2/pjWj4AcaRR/U3ZZ
NBcxloAa3iB2RkpA31BgdbdHqJrbcY2PmBAnnTfu2iPTbe2PIAY/HZsrsPwdSoLh
jeNaCHNM/Pm/UDE9OL1QUbKckq6etYLFhNcwWgHHeY7HU4Hf2+UPLX6i6h55rZ0i
ay7ifudhQeFsv+0UmJirdggh7va3K9jZpZjTjAmPH9V/K9XtiDEoB3Zao/KIEA6V
khqPsZpU3cyfD5aAUbXfVb5iPe2zssJ8nNLYgQC10D3mSNcMHCK3fBq0x+W8mLHn
yubQauoiTkpHkIn58AGnT14QkVQcN0pW+24oaQDFUPv1ML7T62iOYIFU7FzdjGzz
17oo/FPVyyrgzTI4+pd3sD2n3c6eS0P3uLECHWkWLPbY1s4dXqcTLvk0M6cS1T6z
l3GgXYAn2oHgLlv2VTTcMOEJzmDpsob7369yfaW1BGpKHNL/rozXmf8tC8sikXvH
JdeqJLg3ePWwRyGXDMWhQtSb5HbQDjOkLZkZASxSr4mkfreH3wx10uPLW921zAni
+g4EYMamejm6zXnP3kIz7+KPF28VmkEmxAG/nd4pXJKcvBagmXoZV1+QYQ5x6LIb
s4IT62b/4MYefFx1J1HIqFnVt6WhUlKuQaG/OscSMAzl9E4izFE=
=y42a
-----END PGP SIGNATURE-----