Bug#1104287: bookworm-pu: package poppler/22.12.0-2+deb12u1
On Mon, Apr 28, 2025 at 06:47:27PM +0200, Rene Engelhard wrote:
> Hi,
Hi Rene,
> On 28.04.25 at 11:52, Adrian Bunk wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: bookworm
> > User: release.debian.org@packages.debian.org
> > Usertags: pu
> > X-Debbugs-Cc: security@debian.org, Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>
> >
> > * CVE-2023-34872: OutlineItem::open crash on malformed files
> > * CVE-2024-56378: Out-of-bounds read in JBIG2Bitmap::combine
> > * CVE-2025-32364: Floating point exception in PSStack::roll
> > * CVE-2025-32365: Out-of-bounds read in JBIG2:Bitmap::combine
>
> What about https://security-tracker.debian.org/tracker/CVE-2025-43903 ("NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries."). If one is at it for bookworm anyway..
you missed the last line I've added there earlier today:
Might cause regression: https://bugzilla.suse.com/show_bug.cgi?id=1241620#c3
> Regards,
>
>
> Rene
cu
Adrian