poppler 0.8.7-1ubuntu0.4 source package in Ubuntu

Changelog

poppler (0.8.7-1ubuntu0.4) intrepid-security; urgency=low

  * SECURITY UPDATE: denial of service or arbitrary code execution via
    unsafe malloc usage
    - debian/patches/65_security_CVE-2009-3605.patch: introduce gmallocn3
      in goo/gmem.{cc,h} and replace malloc calls with safe versions in
      glib/poppler-page.cc, poppler/{ArthurOutputDev,CairoOutputDev,
      GfxState,JBIG2Stream,PSOutputDev,SplashOutputDev}.cc,
      splash/{SplashBitmap,Splash,SplashFTFont}.cc.
    - CVE-2009-3605
  * SECURITY UPDATE: denial of service via invalid Form Opt entry
    (LP: #321764)
    - debian/patches/66_security_CVE-2009-0755.patch: handle invalid Opt
      entry gracefully in poppler/Form.cc.
    - CVE-2009-0755
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in rowSize computation
    - debian/patches/67_security_CVE-2009-360x.patch: make sure width value
      is sane in splash/SplashBitmap.cc.
    - CVE-2009-3603
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in pixel buffer size calculation
    - debian/patches/67_security_CVE-2009-360x.patch: make sure yp value
      is sane in splash/Splash.cc, splash/SplashErrorCodes.h.
    - CVE-2009-3604
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in object stream handling
    - debian/patches/67_security_CVE-2009-360x.patch: limit number of
      nObjects in poppler/XRef.cc.
    - CVE-2009-3608
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    integer overflow in ImageStream::ImageStream
    - debian/patches/67_security_CVE-2009-360x.patch: check size of width
      and nComps in poppler/Stream.cc.
    - CVE-2009-3609
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in create_surface_from_thumbnail_data
    - debian/patches/68_security_CVE-2009-3607.patch: eliminate g_malloc in
      glib/poppler-page.cc.
    - CVE-2009-3607

 -- Marc Deslauriers <email address hidden>   Tue, 20 Oct 2009 09:23:31 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2009-10-20
Uploaded to:
Intrepid
Original maintainer:
Ubuntu Development Team
Component:
main
Architectures:
any
Section:
devel
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
poppler_0.8.7.orig.tar.gz 1.4 MiB 9af81429d6f8639c357a5eed25583365
poppler_0.8.7-1ubuntu0.4.diff.gz 23.6 KiB 1da9804b9914b0af10e74e62c9df03c7
poppler_0.8.7-1ubuntu0.4.dsc 1.6 KiB 61fc879aeed7bee88fc003d4adb2da06

View changes file

Binary packages built by this source

libpoppler-dev: No summary available for libpoppler-dev in ubuntu intrepid.

No description available for libpoppler-dev in ubuntu intrepid.

libpoppler-glib-dev: No summary available for libpoppler-glib-dev in ubuntu intrepid.

No description available for libpoppler-glib-dev in ubuntu intrepid.

libpoppler-glib3: No summary available for libpoppler-glib3 in ubuntu intrepid.

No description available for libpoppler-glib3 in ubuntu intrepid.

libpoppler-qt-dev: No summary available for libpoppler-qt-dev in ubuntu intrepid.

No description available for libpoppler-qt-dev in ubuntu intrepid.

libpoppler-qt2: No summary available for libpoppler-qt2 in ubuntu intrepid.

No description available for libpoppler-qt2 in ubuntu intrepid.

libpoppler-qt4-3: No summary available for libpoppler-qt4-3 in ubuntu intrepid.

No description available for libpoppler-qt4-3 in ubuntu intrepid.

libpoppler-qt4-dev: No summary available for libpoppler-qt4-dev in ubuntu intrepid.

No description available for libpoppler-qt4-dev in ubuntu intrepid.

libpoppler3: No summary available for libpoppler3 in ubuntu intrepid.

No description available for libpoppler3 in ubuntu intrepid.

poppler-dbg: No summary available for poppler-dbg in ubuntu intrepid.

No description available for poppler-dbg in ubuntu intrepid.

poppler-utils: No summary available for poppler-utils in ubuntu intrepid.

No description available for poppler-utils in ubuntu intrepid.