Accepted poppler 0.4.3-2 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 5 Jan 2006 14:54:44 +0100
Source: poppler
Binary: libpoppler-glib-dev poppler-utils libpoppler0c2-qt libpoppler-qt-dev libpoppler-dev libpoppler0c2-glib libpoppler0c2
Architecture: source i386
Version: 0.4.3-2
Distribution: unstable
Urgency: high
Maintainer: OndÅ?ej Surý <ondrej@debian.org>
Changed-By: OndÅ?ej Surý <ondrej@debian.org>
Description:
libpoppler-dev - PDF rendering library -- development files
libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
libpoppler-qt-dev - PDF rendering library -- development files (Qt interface)
libpoppler0c2 - PDF rendering library
libpoppler0c2-glib - PDF rendering library (GLib-based shared library)
libpoppler0c2-qt - PDF rendering library (Qt-based shared library)
poppler-utils - PDF utilitites (based on libpoppler)
Closes: 346076
Changes:
poppler (0.4.3-2) unstable; urgency=high
.
[ Martin Pitt ]
* SECURITY UPDATE: Multiple integer/buffer overflows.
* Add debian/patches/003-CVE-2005-3624_5_7.patch:
- poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream():
+ Check columns for negative or large values.
+ CVE-2005-3624
- poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch:
+ Reset numComps to 0 since it's a global variable that is used later.
+ CVE-2005-3627
- poppler/Stream.cc, DCTStream::readHuffmanTables():
+ Fix out of bounds array access in Huffman tables.
+ CVE-2005-3627
- poppler/Stream.cc, DCTStream::readMarker():
+ Check for EOF in while loop to prevent endless loops.
+ CVE-2005-3625
- poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(),
JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg():
+ Check user supplied width and height against invalid values.
+ Allocate one extra byte to prevent out of bounds access in combine().
* Add debian/patches/004-fix-CVE-2005-3192.patch:
- Fix nVals int overflow check in StreamPredictor::StreamPredictor().
- Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514.
.
[ OndÅ?ej Surý ]
* Merge changes from Ubuntu (Closes: #346076).
* Enable Cairo output again.
Files:
85bd59f9761a5fc51ee67850f3f8eb84 1730 devel optional poppler_0.4.3-2.dsc
4fb9555f5711c80b3caeb6df7c0913de 124328 devel optional poppler_0.4.3-2.diff.gz
f6909f0d5cba133ce384f74cee24f339 433928 libs optional libpoppler0c2_0.4.3-2_i386.deb
671deea9a7e0cb48bb4c2799f892d8c7 579738 libdevel optional libpoppler-dev_0.4.3-2_i386.deb
516d02d25fdc8232c7d321206e78cee6 39160 libs optional libpoppler0c2-glib_0.4.3-2_i386.deb
cccb06aae626847a2a050fc6d762c1ac 42946 libdevel optional libpoppler-glib-dev_0.4.3-2_i386.deb
a8080202edd1eae7f73aec5a7ead7608 27666 libs optional libpoppler0c2-qt_0.4.3-2_i386.deb
debd121e260aacc1a3ae3e454f0109f9 28644 libdevel optional libpoppler-qt-dev_0.4.3-2_i386.deb
c727731728e2593f2ff495a9aefdcf8a 79482 utils optional poppler-utils_0.4.3-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDvSbE9OZqfMIN8nMRAj9mAJ4gbjNrYS9I9mrGiI+0jIP35s2dtgCfUAEO
50aIKYptzQhsGXOV0dy3cDA=
=q+1o
-----END PGP SIGNATURE-----
Accepted:
libpoppler-dev_0.4.3-2_i386.deb
to pool/main/p/poppler/libpoppler-dev_0.4.3-2_i386.deb
libpoppler-glib-dev_0.4.3-2_i386.deb
to pool/main/p/poppler/libpoppler-glib-dev_0.4.3-2_i386.deb
libpoppler-qt-dev_0.4.3-2_i386.deb
to pool/main/p/poppler/libpoppler-qt-dev_0.4.3-2_i386.deb
libpoppler0c2-glib_0.4.3-2_i386.deb
to pool/main/p/poppler/libpoppler0c2-glib_0.4.3-2_i386.deb
libpoppler0c2-qt_0.4.3-2_i386.deb
to pool/main/p/poppler/libpoppler0c2-qt_0.4.3-2_i386.deb
libpoppler0c2_0.4.3-2_i386.deb
to pool/main/p/poppler/libpoppler0c2_0.4.3-2_i386.deb
poppler-utils_0.4.3-2_i386.deb
to pool/main/p/poppler/poppler-utils_0.4.3-2_i386.deb
poppler_0.4.3-2.diff.gz
to pool/main/p/poppler/poppler_0.4.3-2.diff.gz
poppler_0.4.3-2.dsc
to pool/main/p/poppler/poppler_0.4.3-2.dsc
Reply to: