-
xpdf (3.00-8ubuntu1.12) warty-security; urgency=low
* SECURITY UPDATE: Buffer overflows.
* splash/SplashXPathScanner.cc, xpdf/JBIG2Stream.cc, xpdf/Stream.h: Fix
various integer overflows. (Upstream patch from Derek Noonburg)
* CVE-2006-1244
-- Martin Pitt <email address hidden> Wed, 12 Apr 2006 08:11:45 +0000
-
xpdf (3.00-8ubuntu1.11) warty-security; urgency=low
* SECURITY UPDATE: Buffer overflow.
* splash/Splash.cc, Splash::drawPixel(), Splash::drawSpan(),
Splash::xorSpan(): Check coordinates for integer overflow.
* CVE-2006-0301
-- Martin Pitt <email address hidden> Fri, 3 Feb 2006 18:06:41 +0000
-
xpdf (3.00-8ubuntu1.10) warty-security; urgency=low
* SECURITY UPDATE: Multiple integer/buffer overflows.
* xpdf/Stream.cc, CCITTFaxStream::CCITTFaxStream():
- Check columns for negative or large values.
- CVE-2005-3624
* xpdf/Stream.cc, numComps checks introduced in CVE-2005-3191 patch:
- Reset numComps to 0 since it's a global variable that is used later.
- CVE-2005-3627
* xpdf/Stream.cc, DCTStream::readHuffmanTables():
- Fix out of bounds array access in Huffman tables.
- CVE-2005-3627
* xpdf/Stream.cc, DCTStream::readMarker():
- Check for EOF in while loop to prevent endless loops.
- CVE-2005-3625
* xpdf/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), JBIG2Bitmap::expand(),
JBIG2Stream::readHalftoneRegionSeg():
- Check user supplied width and height against invalid values.
- Allocate one extra byte to prevent out of bounds access in combine().
* Add missing CVE-2005-0206 to 3.00-8ubuntu1.9 changelog.
-- Martin Pitt <email address hidden> Thu, 5 Jan 2006 12:18:26 +0000
-
xpdf (3.00-8ubuntu1.9) warty-security; urgency=low
* SECURITY UPDATE: Multiple integer/buffer overflows.
* xpdf/Stream.cc, DCTStream::readBaselineSOF(),
DCTStream::readProgressiveSOF(), DCTStream::readScanInfo():
- Check numComps for invalid values.
- http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
- CVE-2005-3191
* xpdf/Stream.cc, StreamPredictor::StreamPredictor():
- Check rowBytes for invalid values.
- http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
- CVE-2005-3192
* xpdf/JPXStream.cc, JPXStream::readCodestream():
- Check img.nXTiles * img.nYTiles * sizeof for integer overflow.
- http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities
- CVE-2005-3193
-- Martin Pitt <email address hidden> Mon, 12 Dec 2005 11:14:43 +0100
-
xpdf (3.00-8ubuntu1) warty; urgency=low
* debian/xpdf.desktop:
- added a desktop file so xpdf is able to open pdf files in nautilus
(Warty: #1127).
* debian/rules:
- copy the desktop file.
* debian/xpdf-common.postinst:
- register the desktop file.
-- Sebastien Bacher <email address hidden> Fri, 10 Sep 2004 18:16:11 +0200