Ubuntu
xpdf package

Change logs for xpdf source package in Warty

  1. Warty (4.10)
  2. Change log 
  • xpdf (3.00-8ubuntu1.12) warty-security; urgency=low

  * SECURITY UPDATE: Buffer overflows.
  * splash/SplashXPathScanner.cc, xpdf/JBIG2Stream.cc, xpdf/Stream.h: Fix
    various integer overflows. (Upstream patch from Derek Noonburg)
  * CVE-2006-1244

 -- Martin Pitt <email address hidden>   Wed, 12 Apr 2006 08:11:45 +0000
  • xpdf (3.00-8ubuntu1.11) warty-security; urgency=low

  * SECURITY UPDATE: Buffer overflow.
  * splash/Splash.cc, Splash::drawPixel(), Splash::drawSpan(),
    Splash::xorSpan(): Check coordinates for integer overflow.
  * CVE-2006-0301

 -- Martin Pitt <email address hidden>   Fri,  3 Feb 2006 18:06:41 +0000
  • xpdf (3.00-8ubuntu1.10) warty-security; urgency=low


  * SECURITY UPDATE: Multiple integer/buffer overflows.
  * xpdf/Stream.cc, CCITTFaxStream::CCITTFaxStream():
    - Check columns for negative or large values.
    - CVE-2005-3624
  * xpdf/Stream.cc, numComps checks introduced in CVE-2005-3191 patch: 
    - Reset numComps to 0 since it's a global variable that is used later.
    - CVE-2005-3627
  * xpdf/Stream.cc, DCTStream::readHuffmanTables():
    - Fix out of bounds array access in Huffman tables.
    - CVE-2005-3627
  * xpdf/Stream.cc, DCTStream::readMarker():
    - Check for EOF in while loop to prevent endless loops.
    - CVE-2005-3625
  * xpdf/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), JBIG2Bitmap::expand(),
    JBIG2Stream::readHalftoneRegionSeg():
    - Check user supplied width and height against invalid values.
    - Allocate one extra byte to prevent out of bounds access in combine().
  * Add missing CVE-2005-0206 to 3.00-8ubuntu1.9 changelog.

 -- Martin Pitt <email address hidden>  Thu,  5 Jan 2006 12:18:26 +0000
  • xpdf (3.00-8ubuntu1.9) warty-security; urgency=low


  * SECURITY UPDATE: Multiple integer/buffer overflows.
  * xpdf/Stream.cc, DCTStream::readBaselineSOF(),
    DCTStream::readProgressiveSOF(), DCTStream::readScanInfo():
    - Check numComps for invalid values.
    - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
    - CVE-2005-3191
  * xpdf/Stream.cc, StreamPredictor::StreamPredictor():
    - Check rowBytes for invalid values.
    - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
    - CVE-2005-3192
  * xpdf/JPXStream.cc, JPXStream::readCodestream():
    - Check img.nXTiles * img.nYTiles * sizeof for integer overflow.
    - http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities
    - CVE-2005-3193

 -- Martin Pitt <email address hidden>  Mon, 12 Dec 2005 11:14:43 +0100
  • xpdf (3.00-8ubuntu1) warty; urgency=low


  * debian/xpdf.desktop:
    - added a desktop file so xpdf is able to open pdf files in nautilus
      (Warty: #1127).
  * debian/rules:
    - copy the desktop file.
  * debian/xpdf-common.postinst:
    - register the desktop file.

 -- Sebastien Bacher <email address hidden>  Fri, 10 Sep 2004 18:16:11 +0200