Back to poppler PTS page

Accepted poppler 0.26.5-2+deb8u5 (source amd64 all) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted poppler 0.26.5-2+deb8u5 (source amd64 all) into oldstable
From: Mike Gabriel <sunweaver@debian.org>
Date: Thu, 01 Nov 2018 10:40:36 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1gIAOy-00062G-Ui@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 31 Oct 2018 12:47:07 +0100
Source: poppler
Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg
Architecture: source amd64 all
Version: 0.26.5-2+deb8u5
Distribution: jessie-security
Urgency: medium
Maintainer: Loic Minier <lool@dooz.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 gir1.2-poppler-0.18 - GObject introspection data for poppler-glib
 libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface)
 libpoppler-cpp0 - PDF rendering library (CPP shared library)
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface
 libpoppler-glib8 - PDF rendering library (GLib-based shared library)
 libpoppler-private-dev - PDF rendering library -- private development files
 libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library)
 libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface)
 libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library)
 libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface)
 libpoppler46 - PDF rendering library
 poppler-dbg - PDF rendering library -- debugging symbols
 poppler-utils - PDF utilities (based on Poppler)
Closes: 898357 909802
Changes:
 poppler (0.26.5-2+deb8u5) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2018-16646: Handle duplicate objects more robustly. Prohibit
     DoS attacks via crafted PDF files causing inifinite recursions.
     (Closes: #909802). This fix adds the following patches:
     + upstream_Fix-rendering-of-some-broken-PDF-files.patch
     + upstream_Allow-newlines-in-num-gen-obj-sequence.patch
     + upstream_XRef-Fix-runtime-undefined-behaviour.patch
     + upstream_CVE-2018-16646_Fail-when-PDF-contains-duplicate-objects.patch
     + upstream_CVE-2018-16646_Allow-duplicated-objects-in-incremental-updates.
       patch
   * CVE-2018-10768: Fix crash on AnnotInk::draw for malformed documents.
   * CVE-2017-18267: FoFiType1C::cvtGlyph: Fix infinite recursion on malformed
     documents. (Closes: #898357).
   * CVE-2018-13988.patch: Fix crash when Object has negative number. Specs say,
     number has be > 0 and gen >= 0. Original upstream patch backported to old
     Object API:
     + upstream-modified_CVE-2018-13988.patch
Checksums-Sha1:
 1b74b217b107a888c7ae5f1b9fe09b30a9e205e9 3331 poppler_0.26.5-2+deb8u5.dsc
 5f56ef63b712c356e7cfb833a5a7f04255bae33a 41356 poppler_0.26.5-2+deb8u5.debian.tar.xz
 d330a0c7fde7d6bcf3cc3023afbdc6613d6454dd 1213944 libpoppler46_0.26.5-2+deb8u5_amd64.deb
 586ddb413f6c2f72f24bd8b571e2330ff03b0dcf 768576 libpoppler-dev_0.26.5-2+deb8u5_amd64.deb
 e6ed488e5059888ddeb25612dd66dfeab9ebba9d 180710 libpoppler-private-dev_0.26.5-2+deb8u5_amd64.deb
 f72206a1d66e0ffc97249e7aad911b9de932ebfa 122298 libpoppler-glib8_0.26.5-2+deb8u5_amd64.deb
 0ace8ee98f8bfd80db5552c38d7b2a2ae66aadb1 163500 libpoppler-glib-dev_0.26.5-2+deb8u5_amd64.deb
 bf325a5d1f6a9b64ff0f76d31fe751b7c49bc1be 85842 libpoppler-glib-doc_0.26.5-2+deb8u5_all.deb
 4294f5ab3b3910e4d2ce4dde255124016390fc58 34326 gir1.2-poppler-0.18_0.26.5-2+deb8u5_amd64.deb
 db1498584cdeb6278d5deed4083bf5ef3be31a9a 127708 libpoppler-qt4-4_0.26.5-2+deb8u5_amd64.deb
 2002f6798b9b3d21b55c44d26e9a73cdcc804db7 158900 libpoppler-qt4-dev_0.26.5-2+deb8u5_amd64.deb
 bb1fdce423892eaccd47451a986ab7f0edabe5ff 132238 libpoppler-qt5-1_0.26.5-2+deb8u5_amd64.deb
 0b012fd7a1390cd875b6ae8ae6f3c6db74c3fd84 165658 libpoppler-qt5-dev_0.26.5-2+deb8u5_amd64.deb
 886674499ec98bf25343497666fc2413359751f2 44778 libpoppler-cpp0_0.26.5-2+deb8u5_amd64.deb
 2b2b8ac0289c7c8b8a4aa3385be6b2e2d974516c 49336 libpoppler-cpp-dev_0.26.5-2+deb8u5_amd64.deb
 e2edcd563a0411d2b4805e7c1de003e018fb6151 140904 poppler-utils_0.26.5-2+deb8u5_amd64.deb
 75524dc64725452d4ab5d0993f8fe50df4414190 7699424 poppler-dbg_0.26.5-2+deb8u5_amd64.deb
Checksums-Sha256:
 902cba51b4898917e0e86e11a71b01834faf6ed7174a7334ffc0985a6cbb858f 3331 poppler_0.26.5-2+deb8u5.dsc
 fa1784e8629ad163d1c5f786a9c80974d57be2b82b4e84a57acfb4bc0a2611d9 41356 poppler_0.26.5-2+deb8u5.debian.tar.xz
 b17ea73d482a2072560f630bc7d98b91b96e409de47560310561bee2d3224c86 1213944 libpoppler46_0.26.5-2+deb8u5_amd64.deb
 7ce04869e65d67689562a2288c898480bbfa65732fd4b1030ac0924ae4f00dd9 768576 libpoppler-dev_0.26.5-2+deb8u5_amd64.deb
 6b6f57f2338427dfea852a23d256b3fd0f46e54475caa8b29c1d3d9f01a4721a 180710 libpoppler-private-dev_0.26.5-2+deb8u5_amd64.deb
 12545af757777fc9f5487bcd9c671431c1d112a38e3f47e75ab0b7d56083dc7a 122298 libpoppler-glib8_0.26.5-2+deb8u5_amd64.deb
 12a2872eaa4ad20b0c5a3428cb1eeba9d7653cc592136b03780e66b82005d8f1 163500 libpoppler-glib-dev_0.26.5-2+deb8u5_amd64.deb
 55d60bcc6bc8347ed25573ff215413e090f11f197acda0b21ef46626b54045ed 85842 libpoppler-glib-doc_0.26.5-2+deb8u5_all.deb
 0bc730cdb05a28b769ead220ff509b78fd91fd7b68432983de59e9c7c865815f 34326 gir1.2-poppler-0.18_0.26.5-2+deb8u5_amd64.deb
 8a00ba7f5410e13540bd891de597034abac725ace3a17a4a3a7c8dee19ae35a7 127708 libpoppler-qt4-4_0.26.5-2+deb8u5_amd64.deb
 c56e077901dc7182ba9ef3b29c6fab8b2b9af8585d37c1ecb793d4302f362e0e 158900 libpoppler-qt4-dev_0.26.5-2+deb8u5_amd64.deb
 a0a3f08600b01d5125575a874acefc9e997ca6e7a2651f456f22082cafe0a118 132238 libpoppler-qt5-1_0.26.5-2+deb8u5_amd64.deb
 ee311e07c470b6791dbe189f17a134a8833ccb92694c6f003d325bd0852cc041 165658 libpoppler-qt5-dev_0.26.5-2+deb8u5_amd64.deb
 509ea73dc158a99016d8ba4a579605b51f7493eed4388297f00c93ae771b5b15 44778 libpoppler-cpp0_0.26.5-2+deb8u5_amd64.deb
 0d2325b1809672ac77dfe753df6ffe5a8b12a5bf8c73a9d07d36187d879ac5d7 49336 libpoppler-cpp-dev_0.26.5-2+deb8u5_amd64.deb
 f6c9586cc80068bb2d15abab0390a51bb22dcdd40a322e1fe2378df31443a197 140904 poppler-utils_0.26.5-2+deb8u5_amd64.deb
 5fa3d9031ae56cfde5f81fbefbd2af1275a2f9f7480918918ab96bcfdaeb874a 7699424 poppler-dbg_0.26.5-2+deb8u5_amd64.deb
Files:
 db8f14e3297b66bd49be232a7ef3cf5c 3331 devel optional poppler_0.26.5-2+deb8u5.dsc
 c7e4b070f52ae3fa0419a98116d25dcd 41356 devel optional poppler_0.26.5-2+deb8u5.debian.tar.xz
 f4ee3b75a525a99163ccdd3281e85807 1213944 libs optional libpoppler46_0.26.5-2+deb8u5_amd64.deb
 2fcc08dfeb9ae7ca2bf1b3c3bf298c2d 768576 libdevel optional libpoppler-dev_0.26.5-2+deb8u5_amd64.deb
 9f39db4fdd8837970f328d6baf2a752e 180710 libdevel optional libpoppler-private-dev_0.26.5-2+deb8u5_amd64.deb
 d996e555d57f34187a6a875aec121374 122298 libs optional libpoppler-glib8_0.26.5-2+deb8u5_amd64.deb
 6152ede6197dbac2edd37521fad63049 163500 libdevel optional libpoppler-glib-dev_0.26.5-2+deb8u5_amd64.deb
 507c8a20d60fcca539dde3753f7b6c93 85842 doc optional libpoppler-glib-doc_0.26.5-2+deb8u5_all.deb
 8e70d6a42f449a6b1ecd309cd287c5e0 34326 introspection optional gir1.2-poppler-0.18_0.26.5-2+deb8u5_amd64.deb
 b1e63b2eef8191a892824b293be67949 127708 libs optional libpoppler-qt4-4_0.26.5-2+deb8u5_amd64.deb
 d18bf583ff21f0dadeba9ed811b7504a 158900 libdevel optional libpoppler-qt4-dev_0.26.5-2+deb8u5_amd64.deb
 71939d6379eed2b45b684eb402e5c8ab 132238 libs optional libpoppler-qt5-1_0.26.5-2+deb8u5_amd64.deb
 f0c7461822f5938f8755e2ae5d72fd2e 165658 libdevel optional libpoppler-qt5-dev_0.26.5-2+deb8u5_amd64.deb
 f86756b1ffa67b833aba5c1912f8c457 44778 libs optional libpoppler-cpp0_0.26.5-2+deb8u5_amd64.deb
 9a20b5f17e387758a3ab677e70e81454 49336 libdevel optional libpoppler-cpp-dev_0.26.5-2+deb8u5_amd64.deb
 acd2c77969aaf7633abbc85ea5de00b9 140904 utils optional poppler-utils_0.26.5-2+deb8u5_amd64.deb
 402d904151db988a6277d746ed21be27 7699424 debug extra poppler-dbg_0.26.5-2+deb8u5_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAlva0/EVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxjsoP/3qhs495VKDSFgBX8xwO83iEKKyE
kBFsnj0cOi8FFo9wSU73s1MJmCAE4hZExJO4REeOGJNy6o+U2THA8Kiz6BO+/axg
gq4PVHza9lW31A+CqAvJ5+dyH9d2BKz6DfFjdl3AJ4LZXqp9eUMe2vW5xd2myU61
bLrKHJ/RhS79tlOhhQgLhw2naizz7ynxypxm23514wDaKYEsx3CFWHiQ+b5eraR6
MwxcAnsuSprt1epB6A5hdbGUQIk4LNscif7M0+uYYbn4gkbyMKsJMAEapmWHET1T
hyJa9k+OHrHeAU1BYQr9wYunyEOsNNZs5TX7Pu0yIpZxGdlBtWzVNCA5vWVTHvUB
hzbSxXYFyODyGwgtetndNyC0LCQKEbq13VzRmtmnEpdEjmRxVOQ+Wf9Qx2uYhlPX
aBw7uR2WB3+Z+NBr+JZ4COs/EyDjg2JS1eO+Mx8t6hCzzEmvEeDbaL7MaN2pdiCe
HZTAwbhxw3Pr2aE8zw4k61iZSrw8DkV06ownDYcSkeS0xL5+om+UOTiI5Xusxmb6
vQ2Nk4tI/kh5twT9wecGYXX/9FKES7ofT301iirpSUxRV3JmXBCfW/5eoS1beK8b
w3UjzDxG6FsLRwV3/DcRl9tescgtpYsqI/A2U7/yzEMztnw/gpsBIHE/oYl0e2LJ
rOyzw6FFheYx6PYq
=oV13
-----END PGP SIGNATURE-----