[SECURITY] [DLA 3620-1] poppler security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3620-1] poppler security update
From: Adrian Bunk <bunk@debian.org>
Date: Mon, 16 Oct 2023 14:41:13 +0300
Message-id: <[🔎] ZS0hWfgzwMxrBsbn@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3620-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
October 16, 2023                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : poppler
Version        : 0.71.0-5+deb10u3
CVE ID         : CVE-2020-23804 CVE-2022-37050 CVE-2022-37051

Several vulnerabilities have been fixed in poppler,
a PDF rendering library.

CVE-2020-23804

    Stack overflow in XRef::readXRefTable()

CVE-2022-37050

    Crash in PDFDoc::savePageAs()

CVE-2022-37051

    Crash in the pdfunite tool

For Debian 10 buster, these problems have been fixed in version
0.71.0-5+deb10u3.

We recommend that you upgrade your poppler packages.

For the detailed security status of poppler please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/poppler

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmUtIVUACgkQiNJCh6LY
mLFCbg/9EeMkqDSl+BeHiGlhEdIoJzs2HTah8PhXqbsEzzJnyig+JlEn3d4oe404
y+nrhA2LhrkJFFdElAtWynNL0xk3DWbKZ5FNL9CrdQvJhRshKNumlupAqk4xbvpn
pt2ukISdCrdtEIRKRtyceXmGCYEJsUjvNMkiQ+8MzdwhOO0dgKjO4hmSbEwlMAPy
4L7sZA3lxS8OHBJh0fymTG2Oo2rV7fZoy0Kw/JuJglE7mn/4acYYJUHS9BDr3T44
EHy6STxY9lva4dtsx1svDQjhIf4L2pDtP99kyEPzNOEJPQnaT6QJbuYPGSEVeE8D
tbUiRNG35efjccYZLnULKmxSFYT2XzBaazFNCUQhzZeeuZH9BwDn4nALSARaXwuO
2jO7yI13E6fye8L4StphnVJYSZbMg8O56ZDMBuozQG9uHica2YoldA3Rvnz10w8k
bdXY/4c9SF7D1KdMHy45CcWEdLHDrOoZF7OcZ9fcwzhRsPCRz4xhjmmIaMycoCCH
4WuzLPXnG8WwbkYDpuHAMW+hixzvWNJIdarkgpzhhxoL8KZBFhUsOaUq9K3tcO7d
AZGzWEtfhlFNh1fFtRb0UFkrdF5ooWJ7GRCZbAHaE6Tvl1YhxeGU+B7S8EX79GIO
YNtIPSRMhSg35+hVMy1YNGIId8ma4CauOs3rCGfeDacq2iSjg3Y=
=m81V
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3619-1] batik security update
Next by Date: [SECURITY] [DLA 3621-1] nghttp2 security update
Previous by thread: [SECURITY] [DLA 3619-1] batik security update
Next by thread: [SECURITY] [DLA 3621-1] nghttp2 security update
Index(es):
- Date
- Thread