Accepted xpdf 3.01-9.1+etch6 (source all amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 02 May 2009 14:12:12 +0200
Source: xpdf
Binary: xpdf-utils xpdf xpdf-reader xpdf-common
Architecture: source amd64 all
Version: 3.01-9.1+etch6
Distribution: oldstable-security
Urgency: high
Maintainer: noahm@debian.org
Changed-By: Giuseppe Iuculano <giuseppe@iuculano.it>
Description:
 xpdf - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 524809
Changes:
 xpdf (3.01-9.1+etch6) oldstable-security; urgency=high
 .
   * Non-maintainer upload.
   * This update fixes various security issues (Closes: #524809):
     - CVE-2009-0146: Multiple buffer overflows in the JBIG2 decoder in Xpdf
       3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
       remote attackers to cause a denial of service (crash) via a crafted PDF
       file, related to (1) JBIG2SymbolDict::setBitmap and (2)
       JBIG2Stream::readSymbolDictSeg.
     - CVE-2009-0147: Multiple integer overflows in the JBIG2 decoder in Xpdf
       3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
       remote attackers to cause a denial of service (crash) via a crafted PDF
       file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
       JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
     - CVE-2009-0165: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
       earlier, as used in Poppler and other products, when running on Mac OS X,
       has unspecified impact, related to "g*allocn."
     - CVE-2009-0166: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
       and earlier, and other products allows remote attackers to cause a denial
       of service (crash) via a crafted PDF file that triggers a free of
       uninitialized memory.
     - CVE-2009-0799: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
       and earlier, Poppler before 0.10.6, and other products allows remote
       attackers to cause a denial of service (crash) via a crafted PDF file
       that triggers an out-of-bounds read.
     - CVE-2009-0800: Multiple "input validation flaws" in the JBIG2 decoder in
       Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,
       and other products allow remote attackers to execute arbitrary code via
       a crafted PDF file.
     - CVE-2009-1179: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
       earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
       allows remote attackers to execute arbitrary code via a crafted PDF file.
     - CVE-2009-1180: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
       and earlier, Poppler before 0.10.6, and other products allows remote
       attackers to execute arbitrary code via a crafted PDF file that triggers
       a free of invalid data.
     - CVE-2009-1181: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
       and earlier, Poppler before 0.10.6, and other products allows remote
       attackers to cause a denial of service (crash) via a crafted PDF file that
       triggers a NULL pointer dereference.
     - CVE-2009-1182: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf
       3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
       other products allow remote attackers to execute arbitrary code via a
       crafted PDF file.
     - CVE-2009-1183: The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS
       1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote
       attackers to cause a denial of service (infinite loop and hang) via a
       crafted PDF file.
Files:
9c04059981f8b036d7e6e39c7f0aeb21 974 text optional xpdf_3.01-9.1+etch6.dsc
c69a67b9ff487403e7c3ff819c6ff734 46835 text optional xpdf_3.01-9.1+etch6.diff.gz
d6da8e00b02ab3f17ec44b90fff6bb30 1278 text optional xpdf_3.01-9.1+etch6_all.deb
dd8f37161c3b2430cb1cd65c911e9f86 62834 text optional xpdf-common_3.01-9.1+etch6_all.deb
171520d7642019943bfe7166876f5da5 809202 text optional xpdf-reader_3.01-9.1+etch6_amd64.deb
9575f135e9ec312f9e6d7d2517dd8f5b 1493308 text optional xpdf-utils_3.01-9.1+etch6_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ/3IeYrVLjBFATsMRAkolAJ9EgMM8LxG3Hrnuaee7DtcGvjeuXACfa0Nq
To8Llx9RAjN+9FpltmxpS80=
=ysF6
-----END PGP SIGNATURE-----
Accepted:
xpdf-common_3.01-9.1+etch6_all.deb
to pool/main/x/xpdf/xpdf-common_3.01-9.1+etch6_all.deb
xpdf-reader_3.01-9.1+etch6_amd64.deb
to pool/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_amd64.deb
xpdf-utils_3.01-9.1+etch6_amd64.deb
to pool/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_amd64.deb
xpdf_3.01-9.1+etch6.diff.gz
to pool/main/x/xpdf/xpdf_3.01-9.1+etch6.diff.gz
xpdf_3.01-9.1+etch6.dsc
to pool/main/x/xpdf/xpdf_3.01-9.1+etch6.dsc
xpdf_3.01-9.1+etch6_all.deb
to pool/main/x/xpdf/xpdf_3.01-9.1+etch6_all.deb