Hi, Am 28.04.25 um 11:52 schrieb Adrian Bunk:
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian.org@packages.debian.org Usertags: pu X-Debbugs-Cc: security@debian.org, Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org> * CVE-2023-34872: OutlineItem::open crash on malformed files * CVE-2024-56378: Out-of-bounds read in JBIG2Bitmap::combine * CVE-2025-32364: Floating point exception in PSStack::roll * CVE-2025-32365: Out-of-bounds read in JBIG2:Bitmap::combine
What about https://security-tracker.debian.org/tracker/CVE-2025-43903 ("NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries."). If one is at it for bookworm anyway..
Regards,
Rene