
Accepted xpdf 3.01-9.1+etch6 (source all amd64)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 02 May 2009 14:12:12 +0200
Source: xpdf
Binary: xpdf-utils xpdf xpdf-reader xpdf-common
Architecture: source amd64 all
Version: 3.01-9.1+etch6
Distribution: oldstable-security
Urgency: high
Maintainer: noahm@debian.org
Changed-By: Giuseppe Iuculano <giuseppe@iuculano.it>
Description: 
 xpdf       - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 524809
Changes: 
 xpdf (3.01-9.1+etch6) oldstable-security; urgency=high
 .
   * Non-maintainer upload.
   * This update fixes various security issues (Closes: #524809):
     - CVE-2009-0146: Multiple buffer overflows in the JBIG2 decoder in Xpdf
       3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
       remote attackers to cause a denial of service (crash) via a crafted PDF
       file, related to (1) JBIG2SymbolDict::setBitmap and (2)
       JBIG2Stream::readSymbolDictSeg.
     - CVE-2009-0147: Multiple integer overflows in the JBIG2 decoder in Xpdf
       3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
       remote attackers to cause a denial of service (crash) via a crafted PDF
       file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
       JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
     - CVE-2009-0165: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
       earlier, as used in Poppler and other products, when running on Mac OS X,
       has unspecified impact, related to "g*allocn."
     - CVE-2009-0166: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
       and earlier, and other products allows remote attackers to cause a denial
       of service (crash) via a crafted PDF file that triggers a free of
       uninitialized memory.
     - CVE-2009-0799: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
       and earlier, Poppler before 0.10.6, and other products allows remote
       attackers to cause a denial of service (crash) via a crafted PDF file
       that triggers an out-of-bounds read.
     - CVE-2009-0800: Multiple "input validation flaws" in the JBIG2 decoder in
       Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,
       and other products allow remote attackers to execute arbitrary code via
       a crafted PDF file.
     - CVE-2009-1179: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
       earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
       allows remote attackers to execute arbitrary code via a crafted PDF file.
     - CVE-2009-1180: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
       and earlier, Poppler before 0.10.6, and other products allows remote
       attackers to execute arbitrary code via a crafted PDF file that triggers
       a free of invalid data.
     - CVE-2009-1181: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
       and earlier, Poppler before 0.10.6, and other products allows remote
       attackers to cause a denial of service (crash) via a crafted PDF file that
       triggers a NULL pointer dereference.
     - CVE-2009-1182: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf
       3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
       other products allow remote attackers to execute arbitrary code via a
       crafted PDF file.
     - CVE-2009-1183: The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS
       1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote
       attackers to cause a denial of service (infinite loop and hang) via a
       crafted PDF file.
Files: 
 9c04059981f8b036d7e6e39c7f0aeb21 974 text optional xpdf_3.01-9.1+etch6.dsc
 c69a67b9ff487403e7c3ff819c6ff734 46835 text optional xpdf_3.01-9.1+etch6.diff.gz
 d6da8e00b02ab3f17ec44b90fff6bb30 1278 text optional xpdf_3.01-9.1+etch6_all.deb
 dd8f37161c3b2430cb1cd65c911e9f86 62834 text optional xpdf-common_3.01-9.1+etch6_all.deb
 171520d7642019943bfe7166876f5da5 809202 text optional xpdf-reader_3.01-9.1+etch6_amd64.deb
 9575f135e9ec312f9e6d7d2517dd8f5b 1493308 text optional xpdf-utils_3.01-9.1+etch6_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ/3IeYrVLjBFATsMRAkolAJ9EgMM8LxG3Hrnuaee7DtcGvjeuXACfa0Nq
To8Llx9RAjN+9FpltmxpS80=
=ysF6
-----END PGP SIGNATURE-----


Accepted:
xpdf-common_3.01-9.1+etch6_all.deb
  to pool/main/x/xpdf/xpdf-common_3.01-9.1+etch6_all.deb
xpdf-reader_3.01-9.1+etch6_amd64.deb
  to pool/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_amd64.deb
xpdf-utils_3.01-9.1+etch6_amd64.deb
  to pool/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_amd64.deb
xpdf_3.01-9.1+etch6.diff.gz
  to pool/main/x/xpdf/xpdf_3.01-9.1+etch6.diff.gz
xpdf_3.01-9.1+etch6.dsc
  to pool/main/x/xpdf/xpdf_3.01-9.1+etch6.dsc
xpdf_3.01-9.1+etch6_all.deb
  to pool/main/x/xpdf/xpdf_3.01-9.1+etch6_all.deb

