Change logs for poppler source package in Hardy

  • poppler (0.6.4-1ubuntu3.6) hardy-security; urgency=low
    
      * SECURITY UPDATE: invalid memory access issues
        - debian/patches/110_security_CVE-2013-1788.patch: add checks in
          poppler/Function.cc, poppler/Stream.cc, splash/Splash.cc.
        - CVE-2013-1788
      * SECURITY UPDATE: uninitialized memory read
        - debian/patches/111_security_CVE-2013-1790.patch: properly handle
          refLine in poppler/Stream.cc.
        - CVE-2013-1790
     -- Marc Deslauriers <email address hidden>   Wed, 27 Mar 2013 14:17:55 -0400
  • poppler (0.6.4-1ubuntu3.5) hardy-security; urgency=low
    
      * SECURITY UPDATE: possible arbitrary code execution via malformed PDF
        - debian/patches/108_security_CVE-2010-3702.patch: properly initialize
          parser in poppler/Gfx.cc.
        - CVE-2010-3702
      * SECURITY UPDATE: possible arbitrary code execution via malformed PDF
        - debian/patches/109_security_CVE-2010-3704.patch: make sure code isn't
          < 0 in fofi/FoFiType1.cc.
        - CVE-2010-3704
     -- Marc Deslauriers <email address hidden>   Wed, 13 Oct 2010 16:40:32 -0400
  • poppler (0.6.4-1ubuntu3.4) hardy-security; urgency=low
    
      * SECURITY UPDATE: regression in poppler security update (LP: #457985)
        - debian/patches/105_security_CVE-2009-3605.patch: update patch to use
          gmallocn_checkoverflow in splash/SplashFTFont.cc, as bitmap->h can
          be 0 and this could cause a regression with certain applications.
        - CVE-2009-3605
    
     -- Marc Deslauriers <email address hidden>   Thu, 22 Oct 2009 10:14:11 -0400
  • poppler (0.6.4-1ubuntu3.3) hardy-security; urgency=low
    
      * SECURITY UPDATE: denial of service or arbitrary code execution via
        unsafe malloc usage
        - debian/patches/105_security_CVE-2009-3605.patch: introduce gmallocn3
          in goo/gmem.{cc,h} and replace malloc calls with safe versions in
          glib/poppler-page.cc, poppler/{ArthurOutputDev,CairoOutputDev,
          GfxState,JBIG2Stream,PSOutputDev,SplashOutputDev}.cc,
          splash/{SplashBitmap,Splash,SplashFTFont}.cc.
        - CVE-2009-3605
      * SECURITY UPDATE: denial of service via invalid Form Opt entry
        (LP: #321764)
        - debian/patches/106_security_CVE-2009-0755.patch: handle invalid Opt
          entry gracefully in poppler/Form.cc.
        - CVE-2009-0755
      * SECURITY UPDATE: denial of service or arbitrary code execution via
        overflow in rowSize computation
        - debian/patches/107_security_CVE-2009-360x.patch: make sure width
          value is sane in splash/SplashBitmap.cc.
        - CVE-2009-3603
      * SECURITY UPDATE: denial of service or arbitrary code execution via
        overflow in pixel buffer size calculation
        - debian/patches/107_security_CVE-2009-360x.patch: make sure yp value
          is sane in splash/Splash.cc, splash/SplashErrorCodes.h.
        - CVE-2009-3604
      * SECURITY UPDATE: denial of service or arbitrary code execution via
        overflow in object stream handling
        - debian/patches/107_security_CVE-2009-360x.patch: limit number of
          nObjects in poppler/XRef.cc.
        - CVE-2009-3608
      * SECURITY UPDATE: denial of service or arbitrary code execution via
        integer overflow in ImageStream::ImageStream
        - debian/patches/107_security_CVE-2009-360x.patch: check size of width
          and nComps in poppler/Stream.cc.
        - CVE-2009-3609
    
     -- Marc Deslauriers <email address hidden>   Mon, 19 Oct 2009 11:14:11 -0400
  • poppler (0.6.4-1ubuntu3.2) hardy-security; urgency=low
    
      * SECURITY UPDATE: denial of service and possible code execution from
        multiple integer overflows, buffer overflows, and other issues with
        JBIG2 decoding.
        - debian/patches/104_security_jbig2.patch: prevent integer overflow in
          poppler/CairoOutputDev.cc and splash/SplashBitmap.cc, add overflow
          checking, improve error handling, and fix other issues in
          poppler/JBIG2Stream.*.
        - CVE-2009-0146
        - CVE-2009-0147
        - CVE-2009-0166
        - CVE-2009-0799
        - CVE-2009-0800
        - CVE-2009-1179
        - CVE-2009-1180
        - CVE-2009-1181
        - CVE-2009-1182
        - CVE-2009-1183
    
     -- Marc Deslauriers <email address hidden>   Thu, 09 Apr 2009 11:01:08 -0400
  • poppler (0.6.4-1ubuntu3.1) hardy-security; urgency=high
    
      * SECURITY UPDATE: crash via uninitialized pointer free().
      * debian/patches/103_page_initialization.patch: upstream fix.
      * References
        CVE-2008-2950
    
     -- Kees Cook <email address hidden>   Sat, 26 Jul 2008 10:23:32 -0700
  • poppler (0.6.4-1ubuntu3) hardy-proposed; urgency=low
    
      * debian/patches/081_from_upstream_fix_evince_reload_crasher.patch:
        - upstream change to fix evince crashing sometimes when reloading documents,
          the issue was a side effect of the previous change (lp: #242865)
    
     -- Sebastien Bacher <email address hidden>   Thu, 26 Jun 2008 17:11:45 +0200
  • poppler (0.6.4-1ubuntu2) hardy-proposed; urgency=low
    
      * debian/patches/080_from_upstream_fix_evince_printing_crasher.patch:
        - upstream change from Adrian Johnson, fix an evince printing crasher
          (lp: #208485)
    
     -- Sebastien Bacher <email address hidden>   Mon, 16 Jun 2008 12:44:01 +0200
  • poppler (0.6.4-1ubuntu1) hardy; urgency=low
    
      * SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
      * debian/patches/102_embedded-font-fixes.patch: stronger type-checking.
      * References
        CVE-2008-1693
    
     -- Kees Cook <email address hidden>   Tue, 15 Apr 2008 13:04:21 -0700
  • poppler (0.6.4-1) unstable; urgency=medium
    
      * Add ${shlibs:Depends} to libpoppler-glib-dev, libpoppler-dev,
        libpoppler-qt-dev, libpoppler-qt4-dev.
      * Add ${misc:Depends}.
      * Cleanups.
      * New upstream releases; no API change; bug fixes; closes: #459342.
      * Fix copyright information to use version 2 of the GPL (instead of version 2
        or later); thanks Timo Jyrinki for the patch; closes: #453865.
      * Urgency medium for RC bug fix.
      * List pdftohtml in poppler-utils' description; closes: #464439.
      * Drop libpoppler-qt-dev dependency from libpoppler-qt4-dev; thanks
        Pino Toscano; closes: #459922.
      * Bump up Standards-Version to 3.7.3.
    
     -- Loïc Minier <email address hidden>   Wed,  13 Feb 2008 16:34:29 +0000
  • poppler (0.6.4-0ubuntu1) hardy; urgency=low
    
      * New upstream version
      * debian/control:
        - updated maintainer information
    
     -- Sebastien Bacher <email address hidden>   Mon, 04 Feb 2008 17:50:17 +0100
  • poppler (0.6.2-1) unstable; urgency=low
    
      * New upstream version. (Closes: #447992)
      * Dependency on xpdfrc was removed on 2007-02-25 (Closes: #347789, #440936)
      * Changes since 0.6.1:
        - Fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (Closes: #450628)
        - Fix a crash on documents with wrong CCITTFaxStream
        - Fix a crash in the Cairo renderer with invalid embedded fonts
        - Fix a crash with invalid TrueType fonts
        - Check if font is inside the clip area before rendering
          it to a temporary bitmap in the Splash renderer. Fixes crashes on
          incorrect documents
        - Do not use exit(1) on DCTStream errors
        - Detect form fields at any depth level
        - Do not generate appearance stream for radio buttons that are not active
    
    poppler (0.6.1-2) unstable; urgency=low
    
      * Upload to unstable.
    
    poppler (0.6.1-1) experimental; urgency=low
    
      * New upstream version.
      * Changes since 0.6.0:
        - poppler core:
          + Fix printing with different x and y scale
          + Fix crash when Form Fields array contains references to non
            existent objects
          + Fix crash in CairoOutputDev::drawMaskedImage()
          + Fix embedded file description not working on some cases
        - Qt4 frontend:
          + Fix printing issue
          + Avoid double free
          + Fix memory leak when dealing with embedded files
        - glib frontend:
          + Fix build with --disable-cairo-output
          + Do not return unknown field type for signature form fields
        - build system:
          + Support automake-1.10
          + More compatible sh code in qt.m4
        - utils:
          + Fix build on Sun Studio compiler
    
    poppler (0.6-1) experimental; urgency=low
    
      * New upstream release. (Closes: #429700)
        - merged changes from Ubuntu, courtesy of Sebastien Bacher <email address hidden>
        - Fix security issue MOAB-06-01-2007
        - Fix security issue CVE-2007-3387
        - Fix security issue CVE-2007-5049 (Closes: #443903)
      * debian/watch:
        - update (Closes: #441012)
      * debian/control, debian/libpoppler2.install, debian/libpoppler-glib2.install,
        debian/libpoppler-qt2.install, debian/libpoppler-qt4-2.install, 
        debian/rules:
        - updated for soname change
      * debian/libpoppler-glib-dev.install:
        - install new test-poppler-glib
      * debian/patches/002_CVE-2006-0301.patch:
        - dropped, deprecated by the upstream changes
      * debian/patches/003_glib-2.0-configure.patch:
      * debian/patches/004_CVE-2007-0104.patch:
      * debian/patches/005_fix_inverted_text_from_bug_8944.patch:
        - dropped, fixed with the new version
      * debian/patches/006_pthreads_ldflags.patch:
        - updated
    
     -- Sebastien Bacher <email address hidden>   Mon,  19 Nov 2007 09:33:04 +0000
  • poppler (0.6-0ubuntu2) gutsy; urgency=low
    
      * debian/patches/090_from_git_fix_forms_fields_crasher.patch:
        - patch from git, fix a forms fields array crasher
          (LP: #11865)
    
     -- Sebastien Bacher <email address hidden>   Fri, 05 Oct 2007 22:47:55 +0200