Format: 1.7
Date: Mon, 19 Oct 2009 19:27:20 -0400
Source: poppler
Binary: libpoppler1-qt libpoppler-glib-dev libpoppler1 poppler-utils libpoppler-qt-dev libpoppler-dev libpoppler1-glib
Architecture: ia64
Version: 0.5.1-0ubuntu7.6
Distribution: dapper
Urgency: low
Maintainer: Ubuntu/ia64 Build Daemon <buildd@hooker.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-qt-dev - PDF rendering library -- development files (Qt interface)
 libpoppler1 - PDF rendering library
 libpoppler1-glib - PDF rendering library (GLib-based shared library)
 libpoppler1-qt - PDF rendering library (Qt-based shared library)
 poppler-utils - PDF utilitites (based on libpoppler)
Changes: 
 poppler (0.5.1-0ubuntu7.6) dapper-security; urgency=low
 .
   * SECURITY UPDATE: unsafe malloc usage
     - debian/patches/104_security_CVE-2009-3605.patch: introduce gmallocn3
       and add additional allocation size checks in goo/gmem.{c,h}, replace
       malloc calls with safe versions in glib/poppler-page.cc,
       poppler/{ArthurOutputDev,CairoOutputDev,GfxState,JBIG2Stream,
       PSOutputDev,SplashOutputDev}.cc, splash/{Splash,SplashFTFont}.cc.
     - CVE-2009-3605
   * SECURITY UPDATE: denial of service or arbitrary code execution via
     overflow in rowSize computation
     - debian/patches/105_security_CVE-2009-360x.patch: make sure width
       value is sane in splash/SplashBitmap.cc.
     - CVE-2009-3603
   * SECURITY UPDATE: denial of service or arbitrary code execution via
     overflow in pixel buffer size calculation
     - debian/patches/105_security_CVE-2009-360x.patch: make sure yp value
       is sane in splash/Splash.cc, splash/SplashErrorCodes.h.
     - CVE-2009-3604
   * SECURITY UPDATE: denial of service or arbitrary code execution via
     overflow in object stream handling
     - debian/patches/105_security_CVE-2009-360x.patch: limit number of
       nObjects in poppler/XRef.cc.
     - CVE-2009-3608
   * SECURITY UPDATE: denial of service or arbitrary code execution via
     integer overflow in ImageStream::ImageStream
     - debian/patches/105_security_CVE-2009-360x.patch: check size of width
       and nComps in poppler/Stream.cc.
     - CVE-2009-3609
Files: 
 efe60bd91212ca41ce98d407b3233ab0 746534 libs optional libpoppler1_0.5.1-0ubuntu7.6_ia64.deb
 73573670d0e49b0e75aefeacba44d950 971604 libdevel optional libpoppler-dev_0.5.1-0ubuntu7.6_ia64.deb
 91eeec62a00b62cd5d462ab5dced2e9a 59780 libs optional libpoppler1-glib_0.5.1-0ubuntu7.6_ia64.deb
 a0b64cc467ad20fc028bdcb62a3bbf58 68050 libdevel optional libpoppler-glib-dev_0.5.1-0ubuntu7.6_ia64.deb
 c03d92ed8ba3484f7ba2047994cf3a9e 47052 libs optional libpoppler1-qt_0.5.1-0ubuntu7.6_ia64.deb
 385627248989de96ad2103b0e9ea885c 52422 libdevel optional libpoppler-qt-dev_0.5.1-0ubuntu7.6_ia64.deb
 8490ca07fcd0421b75595fb9520b336c 125476 utils optional poppler-utils_0.5.1-0ubuntu7.6_ia64.deb