Format: 1.7
Date: Mon, 19 Oct 2009 11:14:11 -0400
Source: poppler
Binary: libpoppler2 libpoppler-dev libpoppler-glib2 libpoppler-glib-dev libpoppler-qt2 libpoppler-qt-dev libpoppler-qt4-2 libpoppler-qt4-dev poppler-utils
Architecture: i386
Version: 0.6.4-1ubuntu3.3
Distribution: hardy
Urgency: low
Maintainer: Ubuntu/i386 Build Daemon
Changed-By: Marc Deslauriers
Description:
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-glib2 - PDF rendering library (GLib-based shared library)
 libpoppler-qt-dev - PDF rendering library -- development files (Qt 3 interface)
 libpoppler-qt2 - PDF rendering library (Qt 3 based shared library)
 libpoppler-qt4-2 - PDF rendering library (Qt 4 based shared library)
 libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface)
 libpoppler2 - PDF rendering library
 poppler-utils - PDF utilitites (based on libpoppler)
Launchpad-Bugs-Fixed: 321764
Changes:
 poppler (0.6.4-1ubuntu3.3) hardy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service or arbitrary code execution via
     unsafe malloc usage
     - debian/patches/105_security_CVE-2009-3605.patch: introduce gmallocn3
       in goo/gmem.{cc,h} and replace malloc calls with safe versions in
       glib/poppler-page.cc, poppler/{ArthurOutputDev,CairoOutputDev,
       GfxState,JBIG2Stream,PSOutputDev,SplashOutputDev}.cc,
       splash/{SplashBitmap,Splash,SplashFTFont}.cc.
     - CVE-2009-3605
   * SECURITY UPDATE: denial of service via invalid Form Opt entry
     (LP: #321764)
     - debian/patches/106_security_CVE-2009-0755.patch: handle invalid Opt
       entry gracefully in poppler/Form.cc.
     - CVE-2009-0755
   * SECURITY UPDATE: denial of service or arbitrary code execution via
     overflow in rowSize computation
     - debian/patches/107_security_CVE-2009-360x.patch: make sure width value
       is sane in splash/SplashBitmap.cc.
     - CVE-2009-3603
   * SECURITY UPDATE: denial of service or arbitrary code execution via
     overflow in pixel buffer size calculation
     - debian/patches/107_security_CVE-2009-360x.patch: make sure yp value
       is sane in splash/Splash.cc, splash/SplashErrorCodes.h.
     - CVE-2009-3604
   * SECURITY UPDATE: denial of service or arbitrary code execution via
     overflow in object stream handling
     - debian/patches/107_security_CVE-2009-360x.patch: limit number of
       nObjects in poppler/XRef.cc.
     - CVE-2009-3608
   * SECURITY UPDATE: denial of service or arbitrary code execution via
     integer overflow in ImageStream::ImageStream
     - debian/patches/107_security_CVE-2009-360x.patch: check size of width
       and nComps in poppler/Stream.cc.
     - CVE-2009-3609
Files:
 119416a864ad74672ca6ae4ac58d43ce 622942 libs optional libpoppler2_0.6.4-1ubuntu3.3_i386.deb
 14f855567511009760acf692c5f89684 839448 libdevel optional libpoppler-dev_0.6.4-1ubuntu3.3_i386.deb
 6d121599ab1e673ef77bbbdbe9f757a0 52348 libs optional libpoppler-glib2_0.6.4-1ubuntu3.3_i386.deb
 362d45cf1e5f592b12ea856cd30cd32c 102846 libdevel optional libpoppler-glib-dev_0.6.4-1ubuntu3.3_i386.deb
 de8b30c3222e60f1d03269eab81699e4 25052 libs optional libpoppler-qt2_0.6.4-1ubuntu3.3_i386.deb
 f0c93f9e47e1f0fcf29f4b08c534c33e 42408 libdevel optional libpoppler-qt-dev_0.6.4-1ubuntu3.3_i386.deb
 51ee5444da2b1c3b5f127710aa336efa 143624 libs optional libpoppler-qt4-2_0.6.4-1ubuntu3.3_i386.deb
 019b17e18eb324b59dcee9d21e423135 189926 libdevel optional libpoppler-qt4-dev_0.6.4-1ubuntu3.3_i386.deb
 6973e5e2d963207ebcd71f39314c6a13 73696 utils optional poppler-utils_0.6.4-1ubuntu3.3_i386.deb
Original-Maintainer: Ondřej Surý