Bug#822616: jessie-pu: package poppler/0.26.5-2+deb8u1
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
simple jessie-pu for poppler, just fixed in unstable, which fixes
CVE-2015-8868; attached debdiff.
I guess I need to do binary uploads in (old-)stable, right?
Thanks,
--
Pino
diff -Nru poppler-0.26.5/debian/changelog poppler-0.26.5/debian/changelog
--- poppler-0.26.5/debian/changelog 2014-10-19 18:24:18.000000000 +0200
+++ poppler-0.26.5/debian/changelog 2016-04-25 19:02:20.000000000 +0200
@@ -1,3 +1,11 @@
+poppler (0.26.5-2+deb8u1) stable; urgency=medium
+
+ * Backport upstream commit b3425dd3261679958cd56c0f71995c15d2124433 to fix
+ a crash on invalid files, reported also as CVE-2015-8868; patch
+ upstream_Do-not-crash-on-invalid-files.patch. (Closes: #822578)
+
+ -- Pino Toscano <pino@debian.org> Mon, 25 Apr 2016 19:02:11 +0200
+
poppler (0.26.5-2) unstable; urgency=medium
* Backport upstream commit 01723aa17e836e818158dbdc56df642a290be300 to map
diff -Nru poppler-0.26.5/debian/patches/series poppler-0.26.5/debian/patches/series
--- poppler-0.26.5/debian/patches/series 2014-10-19 17:45:40.000000000 +0200
+++ poppler-0.26.5/debian/patches/series 2016-04-25 18:39:35.000000000 +0200
@@ -1,2 +1,3 @@
upstream_Map-Standard-Expert-encoding-ligatures-to-AGLFN-name.patch
qt-visibility.diff
+upstream_Do-not-crash-on-invalid-files.patch
diff -Nru poppler-0.26.5/debian/patches/upstream_Do-not-crash-on-invalid-files.patch poppler-0.26.5/debian/patches/upstream_Do-not-crash-on-invalid-files.patch
--- poppler-0.26.5/debian/patches/upstream_Do-not-crash-on-invalid-files.patch 1970-01-01 01:00:00.000000000 +0100
+++ poppler-0.26.5/debian/patches/upstream_Do-not-crash-on-invalid-files.patch 2016-04-25 18:39:35.000000000 +0200
@@ -0,0 +1,28 @@
+From b3425dd3261679958cd56c0f71995c15d2124433 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Tue, 22 Dec 2015 22:50:33 +0100
+Subject: [PATCH] Do not crash on invalid files
+
+Bug #93476
+---
+ poppler/Function.cc | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/poppler/Function.cc b/poppler/Function.cc
+index 67283df..ee5afc1 100644
+--- a/poppler/Function.cc
++++ b/poppler/Function.cc
+@@ -577,6 +577,10 @@ ExponentialFunction::ExponentialFunction(Object *funcObj, Dict *dict) {
+ goto err2;
+ }
+ n = obj1.arrayGetLength();
++ if (unlikely(n > funcMaxOutputs)) {
++ error(errSyntaxError, -1, "Function's C0 array is wrong length");
++ n = funcMaxOutputs;
++ }
+ for (i = 0; i < n; ++i) {
+ obj1.arrayGet(i, &obj2);
+ if (!obj2.isNum()) {
+--
+2.8.0.rc3
+
Reply to: