[SECURITY] [DLA 1116-1] poppler security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : poppler
Version : 0.18.4-6+deb7u3
CVE ID : CVE-2017-14517 CVE-2017-14519 CVE-2017-14617
Debian Bug : 876086 876385 876079
It was discovered that poppler, a PDF rendering library, was affected
by several denial-of-service (application crash), null pointer
dereferences and memory corruption bugs:
CVE-2017-14517
NULL Pointer Dereference in the XRef::parseEntry() function in
XRef.cc
CVE-2017-14519
Memory corruption occurs in a call to Object::streamGetChar that
may lead to a denial of service or other unspecified impact.
CVE-2017-14617
Potential buffer overflow in the ImageStream class in Stream.cc,
which may lead to a denial of service or other unspecified impact.
For Debian 7 "Wheezy", these problems have been fixed in version
0.18.4-6+deb7u3.
We recommend that you upgrade your poppler packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlnMEJ9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSlgw/+JPy4ynnGh1DL/387Mn2nIfnRXoMrtUJXMiu3bRfijwgL1vmIzPYS91Ch
QXTdwml8PvnoCl69Pi0QJl3vvKQwJzIS/hG2pxzpHIBoc5thvMJy4rCpCGqs1WoL
VVGqVOWMdmCEjVmFYe72uqtgdpO6bnVYazxEcsiPVEJTql/g7oV3OwCp2cfnKLC4
GAl8kfauBO7p7/wvYkCAinMaIAevIBFrqUsz++XjGjwcCjFpgzJIeVe5usjGoZiv
iYEAr3uUODtQ89VJbDMhXgo+pPRxsAyj1m5YBP9qex7TBB2d4llMkh3WO4dDQL3Y
EuoOg/vjul4rVlkc4ktjuuFeF54Sg2P691QOlnInXrAOVK2YtDVxV1NuL+0USSky
w/eSmTvaBhQ1E7rNdkATbjf/35u/eSu3FeNk4j+4BDslzhQbjzssG2TMVV3tdaib
iyS+Sbm/rYidA5ertClOICpPIztilCpHOu21CkjwVJrtq1Pbi+0wBrA91gD1cg7/
vxcGcD/G6mm6JLYt/5pIKBs3aloMwDZPBPxKvjhcyCuK9kGghJIsgrGnNRuU5Oq3
SsmTO4hvxZrgYw+ERR6yWH0M9IxIfUPcLAd13tduod9BzC556+1dCDPY00wq+SeP
yeolypgAPh6ID0nlQ3khUOWH4mDPyodm9dHupwz5GJhsZv4huU0=
=YSAm
-----END PGP SIGNATURE-----
Reply to: