poppler 0.6.4-1ubuntu3.3 source package in Ubuntu

Changelog

poppler (0.6.4-1ubuntu3.3) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service or arbitrary code execution via
    unsafe malloc usage
    - debian/patches/105_security_CVE-2009-3605.patch: introduce gmallocn3
      in goo/gmem.{cc,h} and replace malloc calls with safe versions in
      glib/poppler-page.cc, poppler/{ArthurOutputDev,CairoOutputDev,
      GfxState,JBIG2Stream,PSOutputDev,SplashOutputDev}.cc,
      splash/{SplashBitmap,Splash,SplashFTFont}.cc.
    - CVE-2009-3605
  * SECURITY UPDATE: denial of service via invalid Form Opt entry
    (LP: #321764)
    - debian/patches/106_security_CVE-2009-0755.patch: handle invalid Opt
      entry gracefully in poppler/Form.cc.
    - CVE-2009-0755
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in rowSize computation
    - debian/patches/107_security_CVE-2009-360x.patch: make sure width
      value is sane in splash/SplashBitmap.cc.
    - CVE-2009-3603
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in pixel buffer size calculation
    - debian/patches/107_security_CVE-2009-360x.patch: make sure yp value
      is sane in splash/Splash.cc, splash/SplashErrorCodes.h.
    - CVE-2009-3604
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in object stream handling
    - debian/patches/107_security_CVE-2009-360x.patch: limit number of
      nObjects in poppler/XRef.cc.
    - CVE-2009-3608
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    integer overflow in ImageStream::ImageStream
    - debian/patches/107_security_CVE-2009-360x.patch: check size of width
      and nComps in poppler/Stream.cc.
    - CVE-2009-3609

 -- Marc Deslauriers <email address hidden>   Mon, 19 Oct 2009 11:14:11 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2009-10-20
Uploaded to:
Hardy
Original maintainer:
Ubuntu Development Team
Component:
main
Architectures:
any
Section:
devel
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
poppler_0.6.4.orig.tar.gz 1.2 MiB 13d12ca4e349574cfbbcf4a9b2b3ae52
poppler_0.6.4-1ubuntu3.3.diff.gz 21.5 KiB dc4e94beeae281169523c1e7d2e10c73
poppler_0.6.4-1ubuntu3.3.dsc 1.2 KiB ec6fcf282f0db7c3d787e238d31673aa

View changes file

Binary packages built by this source

libpoppler-dev: No summary available for libpoppler-dev in ubuntu hardy.

No description available for libpoppler-dev in ubuntu hardy.

libpoppler-glib-dev: No summary available for libpoppler-glib-dev in ubuntu hardy.

No description available for libpoppler-glib-dev in ubuntu hardy.

libpoppler-glib2: No summary available for libpoppler-glib2 in ubuntu hardy.

No description available for libpoppler-glib2 in ubuntu hardy.

libpoppler-qt-dev: No summary available for libpoppler-qt-dev in ubuntu hardy.

No description available for libpoppler-qt-dev in ubuntu hardy.

libpoppler-qt2: No summary available for libpoppler-qt2 in ubuntu hardy.

No description available for libpoppler-qt2 in ubuntu hardy.

libpoppler-qt4-2: No summary available for libpoppler-qt4-2 in ubuntu hardy.

No description available for libpoppler-qt4-2 in ubuntu hardy.

libpoppler-qt4-dev: No summary available for libpoppler-qt4-dev in ubuntu hardy.

No description available for libpoppler-qt4-dev in ubuntu hardy.

libpoppler2: No summary available for libpoppler2 in ubuntu hardy.

No description available for libpoppler2 in ubuntu hardy.

poppler-utils: No summary available for poppler-utils in ubuntu hardy.

No description available for poppler-utils in ubuntu hardy.