Format: 1.8 Date: Tue, 20 Oct 2009 09:23:31 -0400 Source: poppler Binary: libpoppler3 libpoppler-dev libpoppler-glib3 libpoppler-glib-dev libpoppler-qt2 libpoppler-qt-dev libpoppler-qt4-3 libpoppler-qt4-dev poppler-utils poppler-dbg Architecture: amd64 Version: 0.8.7-1ubuntu0.4 Distribution: intrepid Urgency: low Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Marc Deslauriers Description: libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib3 - PDF rendering library (GLib-based shared library) libpoppler-qt-dev - PDF rendering library -- development files (Qt 3 interface) libpoppler-qt2 - PDF rendering library (Qt 3 based shared library) libpoppler-qt4-3 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler3 - PDF rendering library poppler-dbg - PDF rendering library - detached debugging symbols poppler-utils - PDF utilitites (based on libpoppler) Launchpad-Bugs-Fixed: 321764 Changes: poppler (0.8.7-1ubuntu0.4) intrepid-security; urgency=low . * SECURITY UPDATE: denial of service or arbitrary code execution via unsafe malloc usage - debian/patches/65_security_CVE-2009-3605.patch: introduce gmallocn3 in goo/gmem.{cc,h} and replace malloc calls with safe versions in glib/poppler-page.cc, poppler/{ArthurOutputDev,CairoOutputDev, GfxState,JBIG2Stream,PSOutputDev,SplashOutputDev}.cc, splash/{SplashBitmap,Splash,SplashFTFont}.cc. - CVE-2009-3605 * SECURITY UPDATE: denial of service via invalid Form Opt entry (LP: #321764) - debian/patches/66_security_CVE-2009-0755.patch: handle invalid Opt entry gracefully in poppler/Form.cc. - CVE-2009-0755 * SECURITY UPDATE: denial of service or arbitrary code execution via overflow in rowSize computation - debian/patches/67_security_CVE-2009-360x.patch: make sure width value is sane in splash/SplashBitmap.cc. - CVE-2009-3603 * SECURITY UPDATE: denial of service or arbitrary code execution via overflow in pixel buffer size calculation - debian/patches/67_security_CVE-2009-360x.patch: make sure yp value is sane in splash/Splash.cc, splash/SplashErrorCodes.h. - CVE-2009-3604 * SECURITY UPDATE: denial of service or arbitrary code execution via overflow in object stream handling - debian/patches/67_security_CVE-2009-360x.patch: limit number of nObjects in poppler/XRef.cc. - CVE-2009-3608 * SECURITY UPDATE: denial of service or arbitrary code execution via integer overflow in ImageStream::ImageStream - debian/patches/67_security_CVE-2009-360x.patch: check size of width and nComps in poppler/Stream.cc. - CVE-2009-3609 * SECURITY UPDATE: denial of service or arbitrary code execution via overflow in create_surface_from_thumbnail_data - debian/patches/68_security_CVE-2009-3607.patch: eliminate g_malloc in glib/poppler-page.cc. - CVE-2009-3607 Checksums-Sha1: a7ac44a4e1110684d00922070a1aa6f43c1c8126 695346 libpoppler3_0.8.7-1ubuntu0.4_amd64.deb 9e9dbfec72ec6629973ac678052fba313fc2afb7 966770 libpoppler-dev_0.8.7-1ubuntu0.4_amd64.deb b3c385e70f4464419983ad49fa53edaa77493a74 64042 libpoppler-glib3_0.8.7-1ubuntu0.4_amd64.deb 19c2fdc8c05c2835ea2f3de75183dda9cbf192ef 123086 libpoppler-glib-dev_0.8.7-1ubuntu0.4_amd64.deb feb729455cb670cea87171f9023dc5fa5493ab40 25640 libpoppler-qt2_0.8.7-1ubuntu0.4_amd64.deb b5f8eba86c1b3a3601d3711cf3f73fd4893d82d2 47810 libpoppler-qt-dev_0.8.7-1ubuntu0.4_amd64.deb 86ba9450e0aab612e14ebc4c226895aa50c2080f 159080 libpoppler-qt4-3_0.8.7-1ubuntu0.4_amd64.deb d389f2feb1711d8de14f1b63f05a1491abb3c955 221642 libpoppler-qt4-dev_0.8.7-1ubuntu0.4_amd64.deb a6cce0f7304ead113564ff88c5b26bf1c2d770f1 79508 poppler-utils_0.8.7-1ubuntu0.4_amd64.deb f744e954549dc8b6993d3143c96310dffff8ac88 3011574 poppler-dbg_0.8.7-1ubuntu0.4_amd64.deb Checksums-Sha256: b8e2a66534da8e99b9ee77e59a2789e5c68a547a36a6e5820522d6a3ee23e97e 695346 libpoppler3_0.8.7-1ubuntu0.4_amd64.deb d5836ba741c58ebce661e0fde999711d46770e8d7eb2759f5b798e7a35e4b295 966770 libpoppler-dev_0.8.7-1ubuntu0.4_amd64.deb 99f37e9763c6136d819df2e12147cbd6a38fc22c29a7d82bed6249f9ca6dd6c2 64042 libpoppler-glib3_0.8.7-1ubuntu0.4_amd64.deb 3c321b74558b9cb8575cd89f7e428e6233be96d11fb4dcf68a17f41bb3b0972f 123086 libpoppler-glib-dev_0.8.7-1ubuntu0.4_amd64.deb 44702c044a8c1c388f0bafe4e8b719347ab87e50347931a6f2101316df813253 25640 libpoppler-qt2_0.8.7-1ubuntu0.4_amd64.deb 5ced8cb2ac9ab8b0595d4128131bc4eca13c2c6be2ed108116033373b5836524 47810 libpoppler-qt-dev_0.8.7-1ubuntu0.4_amd64.deb df12af76f43ca84562f8dac30c72d0d834a0f1538b4a598a1bbfb71bc0c24dd2 159080 libpoppler-qt4-3_0.8.7-1ubuntu0.4_amd64.deb a98464b2810df66100634334a6e981d01cd66eb15e88fc116491159875916df2 221642 libpoppler-qt4-dev_0.8.7-1ubuntu0.4_amd64.deb 736242209327547ca40375f042108cf97c638215b75178f3f607f2a1110a4b51 79508 poppler-utils_0.8.7-1ubuntu0.4_amd64.deb e72712274340a2f3ba0efadd71d04bb425017af9ec3cd6201fdc93574767132c 3011574 poppler-dbg_0.8.7-1ubuntu0.4_amd64.deb Files: 4ed3b91dfa76d01b1e950f94dc1133e6 695346 libs optional libpoppler3_0.8.7-1ubuntu0.4_amd64.deb 8acc6bc0c741a5e817bbee53dbf86d8a 966770 libdevel optional libpoppler-dev_0.8.7-1ubuntu0.4_amd64.deb 3cd74a188283c4149927e7c59adde7de 64042 libs optional libpoppler-glib3_0.8.7-1ubuntu0.4_amd64.deb 1cae2bbd3c71be377d9f876f32b3d065 123086 libdevel optional libpoppler-glib-dev_0.8.7-1ubuntu0.4_amd64.deb f7bb740f8a414a57b53ec2697852a918 25640 libs optional libpoppler-qt2_0.8.7-1ubuntu0.4_amd64.deb 06c3131b490cfdfa6231e95aec4cfd80 47810 libdevel optional libpoppler-qt-dev_0.8.7-1ubuntu0.4_amd64.deb acec6880e769524a5f8ae34ec0e59cd0 159080 libs optional libpoppler-qt4-3_0.8.7-1ubuntu0.4_amd64.deb 32c78853005f4f8d4d2ebe482092d310 221642 libdevel optional libpoppler-qt4-dev_0.8.7-1ubuntu0.4_amd64.deb d32759ad9e23ff7b9eb8ac198487f780 79508 utils optional poppler-utils_0.8.7-1ubuntu0.4_amd64.deb 4d6a39ecdd55e8976d9ec799074c8a73 3011574 libs extra poppler-dbg_0.8.7-1ubuntu0.4_amd64.deb Original-Maintainer: Loic Minier