Accepted xpdf 3.02-1.4+lenny1 (source all amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 02 May 2009 10:05:02 +0200
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: source all amd64
Version: 3.02-1.4+lenny1
Distribution: stable-security
Urgency: high
Maintainer: noahm@debian.org
Changed-By: Giuseppe Iuculano <giuseppe@iuculano.it>
Description:
xpdf - Portable Document Format (PDF) suite
xpdf-common - Portable Document Format (PDF) suite -- common files
xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 524809
Changes:
xpdf (3.02-1.4+lenny1) stable-security; urgency=high
.
* Non-maintainer upload.
* This update fixes various security issues (Closes: #524809):
  - CVE-2009-0146: Multiple buffer overflows in the JBIG2 decoder in Xpdf
    3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
    remote attackers to cause a denial of service (crash) via a crafted PDF
    file, related to (1) JBIG2SymbolDict::setBitmap and (2)
    JBIG2Stream::readSymbolDictSeg.
  - CVE-2009-0147: Multiple integer overflows in the JBIG2 decoder in Xpdf
    3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
    remote attackers to cause a denial of service (crash) via a crafted PDF
    file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
    JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
  - CVE-2009-0165: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
    earlier, as used in Poppler and other products, when running on Mac OS X,
    has unspecified impact, related to "g*allocn."
  - CVE-2009-0166: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, and other products allows remote attackers to cause a denial
    of service (crash) via a crafted PDF file that triggers a free of
    uninitialized memory.
  - CVE-2009-0799: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to cause a denial of service (crash) via a crafted PDF file
    that triggers an out-of-bounds read.
  - CVE-2009-0800: Multiple "input validation flaws" in the JBIG2 decoder in
    Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,
    and other products allow remote attackers to execute arbitrary code via
    a crafted PDF file.
  - CVE-2009-1179: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
    earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
    allows remote attackers to execute arbitrary code via a crafted PDF file.
  - CVE-2009-1180: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to execute arbitrary code via a crafted PDF file that triggers
    a free of invalid data.
  - CVE-2009-1181: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to cause a denial of service (crash) via a crafted PDF file that
    triggers a NULL pointer dereference.
  - CVE-2009-1182: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf
    3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
    other products allow remote attackers to execute arbitrary code via a
    crafted PDF file.
  - CVE-2009-1183: The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS
    1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to cause a denial of service (infinite loop and hang) via a
    crafted PDF file.
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ/6uyYrVLjBFATsMRAkRuAJ0QPVMMVtXR19JI0HxU56Ip7EjSZgCdHlTj
n8KjZ/uYRucKW6A1d3alBHI=
=c5zQ
-----END PGP SIGNATURE-----
Accepted:
xpdf-common_3.02-1.4+lenny1_all.deb
to pool/main/x/xpdf/xpdf-common_3.02-1.4+lenny1_all.deb
xpdf-reader_3.02-1.4+lenny1_amd64.deb
to pool/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_amd64.deb
xpdf-utils_3.02-1.4+lenny1_amd64.deb
to pool/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_amd64.deb
xpdf_3.02-1.4+lenny1.diff.gz
to pool/main/x/xpdf/xpdf_3.02-1.4+lenny1.diff.gz
xpdf_3.02-1.4+lenny1.dsc
to pool/main/x/xpdf/xpdf_3.02-1.4+lenny1.dsc
xpdf_3.02-1.4+lenny1_all.deb
to pool/main/x/xpdf/xpdf_3.02-1.4+lenny1_all.deb