Back to poppler PTS page

Accepted poppler 0.48.0-2+deb9u3 (source) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted poppler 0.48.0-2+deb9u3 (source) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Thu, 23 Jul 2020 10:00:12 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1jyY1M-0003Qx-Ii@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 23 Jul 2020 10:58:44 +0200
Source: poppler
Architecture: source
Version: 0.48.0-2+deb9u3
Distribution: stretch-security
Urgency: medium
Maintainer: Loic Minier <lool@dooz.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Closes: 898357 909802 917325 923414 926530 926673 929423
Changes:
 poppler (0.48.0-2+deb9u3) stretch-security; urgency=medium
 .
   * CVE-2018-21009: integer overflow in Parser::makeStream.
   * CVE-2019-12293: heap-based buffer over-read in JPXStream::init
     (closes: #929423)
   * CVE-2019-9200: heap-based buffer underwrite exists in ImageStream::getLine()
     (closes: #923414)
   * CVE-2019-9631: heap-based buffer over-read in downsample_row_box_filter
     (closes: #926673)
   * CVE-2019-10872: heap-based buffer over-read in Splash::blitTransparent
     (closes: #926530)
   * CVE-2017-18267: infinite recursion in FoFiType1C::cvtGlyph
     (closes: #898357)
   * CVE-2018-20481: null pointer dereference via crafted file
     (closes: #917325)
   * CVE-2018-16646: infinite recursion via crafted file
     (closes: #909802)
Checksums-Sha1:
 ee9b3a550b2cf56343d1c5600f04d318762cfcfb 3408 poppler_0.48.0-2+deb9u3.dsc
 d635f326c28d87feee2d6012a4819c44c21154f0 1684164 poppler_0.48.0.orig.tar.xz
 86f264c3cbc8440d19ee3258118eb2cb4b59403b 45284 poppler_0.48.0-2+deb9u3.debian.tar.xz
 8aee03cd73321e6983bcfd464bad0f4c701c493f 6170 poppler_0.48.0-2+deb9u3_source.buildinfo
Checksums-Sha256:
 3a61ff8daf3fbb1e912c1e53a6d00f28ebeccd02cf3fd3c047bff57aca5744c9 3408 poppler_0.48.0-2+deb9u3.dsc
 85a003968074c85d8e13bf320ec47cef647b496b56dcff4c790b34e5482fef93 1684164 poppler_0.48.0.orig.tar.xz
 15f0f179285f946359bc7585561f57f668a1581d16161fee914db4f45bdd8c9a 45284 poppler_0.48.0-2+deb9u3.debian.tar.xz
 91ee48e4a0fa8d75418e6b36780def37740cb7db97285f258044bdf368d63522 6170 poppler_0.48.0-2+deb9u3_source.buildinfo
Files:
 22b960c0a3bf8475bde4cfce662748ff 3408 devel optional poppler_0.48.0-2+deb9u3.dsc
 8d61c91cb9e99ad38bba1b0b4432f174 1684164 devel optional poppler_0.48.0.orig.tar.xz
 93ecbc9a1e98634c56a71aa113b6f527 45284 devel optional poppler_0.48.0-2+deb9u3.debian.tar.xz
 6071e485aa8e30bd006c1af60542fe61 6170 devel optional poppler_0.48.0-2+deb9u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl8ZW3oACgkQnUbEiOQ2
gwKnzRAApj/uS6XLy4J/u7M33NV32ajT0VrIaAliy9qGLtgBzy+6xe9rqThwZm0x
5fOa+ouf59Z7CucTVTWO8CfAmZKajBMxvMniJ2AZYJyzivVMHAxJvk4TJ/QM8NYo
Wy1gSNA+9ueNvq9CV7GaXwlyrJaoH1i1vFirg+disxX77XUHF1FKuo9pEjPPj+Gh
2H+n2399A+3Jk73PmkrMe4fnbQGQ7RPvC8ChUAvte6PpnK/yuH9YJhnfEAU55s1E
lLwDv43DYMRPj9Pym0083VFV+EoeHx0JTQDOQ6iSuUXu0Gg7QiQdp8p2DIjarfY0
6Bo76dfmASQZWaJZAR/5r0yxp/mCcENBHterFMuW28yzqNSpsbPvKlkAs8mmrJvy
Or0dtHKNWw9zdMDV2DC3oEkuIPVAsNjteMC6GAQfx4M4aBPw7ZCaOgh16Hv0zkq8
CohikIRwHvGl/M6uz9G2Zf4jNhltV2p4vAyGeuQ4GHjjeANWiWxTEUFhKra4Ha/8
37S62zXn44LCmzUqVYM4lHy+qEPrZPWiCGPjGWQkTrhaRTo72qqXOKkYkEcu7mvu
zuuuLGjRa2hX6q5BpXj/2k3FF2DsX0f8kl4/rN/mkzxcRe0AR+i+fJtdHJviehoF
lWQp9aUwxhDSOmhDOhx6LgxaKxnOGrQ7mRaOGOmFfIeCr+/2VGg=
=xQNF
-----END PGP SIGNATURE-----