Package: release.debian.org Control: affects -1 + src:poppler X-Debbugs-Cc: poppler@packages.debian.org, team@security.debian.org User: release.debian.org@packages.debian.org Usertags: pu Tags:trixie [ Reason ] Fix infinite recursion [CVE-2025-50420] [ Impact ] This update copies the security fix applied in Ubuntu. The Debian Security team has marked the issue as "no-dsa" for bookworm. https://security-tracker.debian.org/tracker/CVE-2025-50420 https://ubuntu.com/security/CVE-2025-50420 https://launchpad.net/ubuntu/+source/poppler [ Tests ] This package has autopkgtests which are passing for forky. I built the package on trixie, installed the packages on Debian 13, and successfully completed the test cases from https://wiki.ubuntu.com/DesktopTeam/TestPlans/Papers I did not specifically test the security fix. [ Risks ] Key package for multiple desktops. If it's not possible to use the GNOME default app Evince or the KDE default app Okular to load PDFs, Firefox ESR and other browsers can load PDFs instead. [ Checklist ] [✔️] all changes are documented in the d/changelog [✔️] I reviewed all changes and I approve them [✔️] attach debdiff against the package in stable [✔️] the issue is verified as fixed in unstable Thank you, Jeremy Bícha
Attachment:
poppler_25.03.0-5+deb13u1.debdiff
Description: Binary data