Ubuntu

“poppler” 0.10.5-1ubuntu2.4 source package in Ubuntu

Changelog

poppler (0.10.5-1ubuntu2.4) jaunty-security; urgency=low

  * SECURITY UPDATE: denial of service or arbitrary code execution via
    unsafe malloc usage
    - debian/patches/30_security_CVE-2009-3605.patch: introduce gmallocn3
      in goo/gmem.{cc,h} and replace malloc calls with safe versions in
      glib/poppler-page.cc, poppler/{ArthurOutputDev,CairoOutputDev,
      GfxState,JBIG2Stream,PSOutputDev,SplashOutputDev}.cc,
      splash/{SplashBitmap,Splash,SplashFTFont}.cc.
    - CVE-2009-3605
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in rowSize computation
    - debian/patches/31_security_CVE-2009-360x.patch: make sure width value
      is sane in splash/SplashBitmap.cc.
    - CVE-2009-3603
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in pixel buffer size calculation
    - debian/patches/31_security_CVE-2009-360x.patch: make sure yp value
      is sane in splash/Splash.cc, splash/SplashErrorCodes.h.
    - CVE-2009-3604
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in object stream handling
    - debian/patches/31_security_CVE-2009-360x.patch: limit number of
      nObjects in poppler/XRef.cc.
    - CVE-2009-3608
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    integer overflow in ImageStream::ImageStream
    - debian/patches/31_security_CVE-2009-360x.patch: check size of width
      and nComps in poppler/Stream.cc.
    - CVE-2009-3609
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in create_surface_from_thumbnail_data
    - debian/patches/32_security_CVE-2009-3607.patch: eliminate g_malloc in
      glib/poppler-page.cc.
    - CVE-2009-3607

 -- Marc Deslauriers <email address hidden>   Tue, 20 Oct 2009 09:26:30 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2009-10-20
Uploaded to:
Jaunty
Original maintainer:
Ubuntu Development Team
Component:
main
Architectures:
any
Section:
devel
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
poppler_0.10.5.orig.tar.gz 1.4 MiB 125f671a19707861132fb03e73b61184
poppler_0.10.5-1ubuntu2.4.diff.gz 21.5 KiB 7c17d321cd599e6da3dd33bd59f01565
poppler_0.10.5-1ubuntu2.4.dsc 1.6 KiB d683c76a2156ca77317d7435b255fbe1

Binary packages built by this source

libpoppler-dev: No summary available for libpoppler-dev in ubuntu jaunty.

No description available for libpoppler-dev in ubuntu jaunty.

libpoppler-glib-dev: No summary available for libpoppler-glib-dev in ubuntu jaunty.

No description available for libpoppler-glib-dev in ubuntu jaunty.

libpoppler-glib4: No summary available for libpoppler-glib4 in ubuntu jaunty.

No description available for libpoppler-glib4 in ubuntu jaunty.

libpoppler-qt-dev: No summary available for libpoppler-qt-dev in ubuntu jaunty.

No description available for libpoppler-qt-dev in ubuntu jaunty.

libpoppler-qt2: No summary available for libpoppler-qt2 in ubuntu jaunty.

No description available for libpoppler-qt2 in ubuntu jaunty.

libpoppler-qt4-3: No summary available for libpoppler-qt4-3 in ubuntu jaunty.

No description available for libpoppler-qt4-3 in ubuntu jaunty.

libpoppler-qt4-dev: No summary available for libpoppler-qt4-dev in ubuntu jaunty.

No description available for libpoppler-qt4-dev in ubuntu jaunty.

libpoppler4: No summary available for libpoppler4 in ubuntu jaunty.

No description available for libpoppler4 in ubuntu jaunty.

poppler-dbg: No summary available for poppler-dbg in ubuntu jaunty.

No description available for poppler-dbg in ubuntu jaunty.

poppler-utils: No summary available for poppler-utils in ubuntu jaunty.

No description available for poppler-utils in ubuntu jaunty.