Format: 1.8
Date: Sun, 16 May 2010 16:03:44 -0500
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: hppa
Version: 3.02-1.4ubuntu2.9.04.1
Distribution: jaunty
Urgency: low
Maintainer: Ubuntu/hppa Build Daemon <buildd@kohnen.buildd>
Changed-By: Nicolas Valcárcel Scerpella (Canonical) <nicolas.valcarcel@canonical.com>
Description: 
 xpdf       - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Changes: 
 xpdf (3.02-1.4ubuntu2.9.04.1) jaunty-security; urgency=low
 .
   * SECURITY UPDATE: Integer overflow in SplashBitmap::SplashBitmap which might allow remote
     attackers to execute arbitrary code or an application crash via a crafted
     PDF document.
     - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
     - CVE-2009-1188 and CVE-2009-3603
   * SECURITY UPDATE: NULL pointer dereference or heap-based buffer overflow in
     Splash::drawImage which might allow remote attackers to cause a denial of
     service (application crash) or possibly execute arbitrary code via a
     crafted PDF document.
     - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
     - CVE-2009-3604
   * SECURITY UPDATE: Integer overflow in the PSOutputDev::doImageL1Sep which might allow
     remote attackers to execute arbitrary code via a crafted PDF document.
     - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
     - CVE-2009-3606
   * SECURITY UPDATE: Integer overflow in the ObjectStream::ObjectStream which might allow
     remote attackers to execute arbitrary code via a crafted PDF document.
     - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
     - CVE-2009-3608
   * SECURITY UPDATE: Integer overflow in the ImageStream::ImageStream which might allow
     remote attackers to cause a denial of service via a crafted PDF
     document.
     - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
     - CVE-2009-3609
   * SECURITY UPDATE: Multiple buffer overflows in the JBIG2 decoder in Xpdf
     3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
     remote attackers to cause a denial of service (crash) via a crafted PDF
     file, related to (1) JBIG2SymbolDict::setBitmap and (2)
     JBIG2Stream::readSymbolDictSeg.
     - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
     - CVE-2009-0146
   * SECURITY UPDATE: Multiple integer overflows in the JBIG2 decoder in Xpdf
     3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
     remote attackers to cause a denial of service (crash) via a crafted PDF
     file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
     JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
     - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
     - CVE-2009-0147
   * SECURITY UPDATE: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
     earlier, as used in Poppler and other products, when running on Mac OS X,
     has unspecified impact, related to "g*allocn."
     - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
     - CVE-2009-0165
   * SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
     and earlier, and other products allows remote attackers to cause a denial
     of service (crash) via a crafted PDF file that triggers a free of
     uninitialized memory.
     - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
     - CVE-2009-0166
   * SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
     and earlier, Poppler before 0.10.6, and other products allows remote
     attackers to cause a denial of service (crash) via a crafted PDF file
     that triggers an out-of-bounds read.
     - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
     - CVE-2009-0799
   * SECURITY UPDATE: Multiple "input validation flaws" in the JBIG2 decoder in
     Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,
     and other products allow remote attackers to execute arbitrary code via
     a crafted PDF file.
     - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
     - CVE-2009-0800
   * SECURITY UPDATE: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
     earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
     allows remote attackers to execute arbitrary code via a crafted PDF file.
     - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
     - CVE-2009-1179
   * SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
     and earlier, Poppler before 0.10.6, and other products allows remote
     attackers to execute arbitrary code via a crafted PDF file that triggers
     a free of invalid data.
     - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
     - CVE-2009-1180
   * SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
     and earlier, Poppler before 0.10.6, and other products allows remote
     attackers to cause a denial of service (crash) via a crafted PDF file that
     triggers a NULL pointer dereference.
     - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
     - CVE-2009-1181
   * SECURITY UPDATE: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf
     3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
     other products allow remote attackers to execute arbitrary code via a
     crafted PDF file.
     - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
     - CVE-2009-1182
   * SECURITY UPDATE: The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS
     1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote
     attackers to cause a denial of service (infinite loop and hang) via a
     crafted PDF file.
     - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
     - CVE-2009-1183
Checksums-Sha1: 
 40e7d3e787b9832d56fa4df3157c9325a729eb77 1076010 xpdf-reader_3.02-1.4ubuntu2.9.04.1_hppa.deb
 1062bc636afdebc07c7b1e90b5d5007d02b5dd0c 1986888 xpdf-utils_3.02-1.4ubuntu2.9.04.1_hppa.deb
Checksums-Sha256: 
 1de0ce42836f1543b2d0a9f4ebb6325971a185dd577a15831727d5d01c6fa8ba 1076010 xpdf-reader_3.02-1.4ubuntu2.9.04.1_hppa.deb
 5b08fe346741c184b76827c8d8620c39a273488f0c3bdd046d9d4219209d41e1 1986888 xpdf-utils_3.02-1.4ubuntu2.9.04.1_hppa.deb
Files: 
 4d93d31ab6195f1d91786e7c0caf373b 1076010 text optional xpdf-reader_3.02-1.4ubuntu2.9.04.1_hppa.deb
 943446b8b77200e1741a35494b8723f4 1986888 text optional xpdf-utils_3.02-1.4ubuntu2.9.04.1_hppa.deb
Original-Maintainer: Hamish Moffatt <hamish@debian.org>