-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 08 Mar 2019 19:09:06 +0100 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: source amd64 all Version: 0.26.5-2+deb8u8 Distribution: jessie-security Urgency: high Maintainer: Loic Minier <lool@dooz.org> Changed-By: Markus Koschany <apo@debian.org> Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Changes: poppler (0.26.5-2+deb8u8) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-19058: A reachable abort in Object.h will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. * Fix CVE-2018-20481: Poppler mishandles unallocated XRef entries, which allows remote attackers to cause a denial-of-service (NULL pointer dereference) via a crafted PDF document. * Fix CVE-2018-20662: Poppler allows attackers to cause a denial-of-service (application crash and segmentation fault by crafting a PDF file in which an xref data structure is corrupted. * Fix CVE-2019-7310: A heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. * Fix CVE-2019-9200: A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause denial-of-service (segmentation fault) or possibly have unspecified other impact. Checksums-Sha1: 4d3f30331877373c8b80223a19515ae4234b6d52 3525 poppler_0.26.5-2+deb8u8.dsc 4db8518d4b323730751aa43bfa5380634ab85147 43452 poppler_0.26.5-2+deb8u8.debian.tar.xz 261c6432ab18cff822a6fae1f0ab3b3455d2b8d2 1212806 libpoppler46_0.26.5-2+deb8u8_amd64.deb 68dbb7822f056d42d36e29f2028849873fa82041 766740 libpoppler-dev_0.26.5-2+deb8u8_amd64.deb 2f433290a5e5b4edbdcdbef1c34ca0c0853d7280 180900 libpoppler-private-dev_0.26.5-2+deb8u8_amd64.deb 98bbb340e4f741154a35620b8a77293fa1f4194a 122968 libpoppler-glib8_0.26.5-2+deb8u8_amd64.deb 1e44fb63b6048d1a57f7edf0241e74cedfe8e71a 163494 libpoppler-glib-dev_0.26.5-2+deb8u8_amd64.deb 1e3974eede228fddb7155b162b402b4c1b1e4c63 86382 libpoppler-glib-doc_0.26.5-2+deb8u8_all.deb 21f8fbd06584a2f774d903f2b004535943589fe3 34802 gir1.2-poppler-0.18_0.26.5-2+deb8u8_amd64.deb 281d7dd8a5fee82128d3ea4e1d0e0705daef8fdb 128156 libpoppler-qt4-4_0.26.5-2+deb8u8_amd64.deb b2f124b1399def6e4f5946d6e67acf0cd7ef6471 159172 libpoppler-qt4-dev_0.26.5-2+deb8u8_amd64.deb 1ee1ad691037c6c47b866383329ba90b57bb28c8 132334 libpoppler-qt5-1_0.26.5-2+deb8u8_amd64.deb 82b120b83423f0187d1b5fe39c486267e6423469 166506 libpoppler-qt5-dev_0.26.5-2+deb8u8_amd64.deb 92adfe5e81dddddd2afd4901fbbab8d89ce76a28 45376 libpoppler-cpp0_0.26.5-2+deb8u8_amd64.deb d9e06eae521dc4628fb1dcb1a64832f602f4d1cc 49814 libpoppler-cpp-dev_0.26.5-2+deb8u8_amd64.deb bb809578bae6ca67bf4953303bf4ed884f7f0af4 141270 poppler-utils_0.26.5-2+deb8u8_amd64.deb beb0f1fd771c80cf147ec68f9ad9d89e8994c8c2 7686250 poppler-dbg_0.26.5-2+deb8u8_amd64.deb Checksums-Sha256: 9044230b7937d276b5dd417a9cfcf3bbf83bc77389d7c8463cc9670ee618ae9a 3525 poppler_0.26.5-2+deb8u8.dsc f9131c2e5e236f364659f5addf3ca33e14f4e171cce19d156e767774a239b927 43452 poppler_0.26.5-2+deb8u8.debian.tar.xz 25c7dd68423239fd57535c9784f08ff9cb03359c3ef9b0c8063412e89f2dafea 1212806 libpoppler46_0.26.5-2+deb8u8_amd64.deb d64b50724a181144e2efa97561e971e4bfa3ce7bb916630c3fd6bb0c2d2ff876 766740 libpoppler-dev_0.26.5-2+deb8u8_amd64.deb a6029443aa7e18243068cc01248ca4d2d44e93afacf09969142c11b6839ca28b 180900 libpoppler-private-dev_0.26.5-2+deb8u8_amd64.deb 854ea906ba6377ba18082c4f28eb09bca6a368a9fff98dec946263ce63c9d005 122968 libpoppler-glib8_0.26.5-2+deb8u8_amd64.deb c99cb8a835611e7b4d92e948688368bbee92569916237e6c45c029cf8434fd00 163494 libpoppler-glib-dev_0.26.5-2+deb8u8_amd64.deb 302bc9222049d4d2c4b4908d493fd4ab6b62d521a275b2e4e4b1eca88ee1b145 86382 libpoppler-glib-doc_0.26.5-2+deb8u8_all.deb 024ded6ab851a790bb7d8d427a830eba22f8e25dba690c5535a0f7a21814f454 34802 gir1.2-poppler-0.18_0.26.5-2+deb8u8_amd64.deb f1ab82da8dfff2d08d2e7d55443933311f2d0eafce6fafcc14e31669ee97f439 128156 libpoppler-qt4-4_0.26.5-2+deb8u8_amd64.deb 333287460fe4b5449d0b342b31872613064f6338942c3504f19057dfd81c4775 159172 libpoppler-qt4-dev_0.26.5-2+deb8u8_amd64.deb fa80545a958289848c95f796715975b5306611e4461f03d9364d1d09f1ed3790 132334 libpoppler-qt5-1_0.26.5-2+deb8u8_amd64.deb 03e996dffdde64a4eac097904c4522dfecc4ef08b9f910d7568798af7616a166 166506 libpoppler-qt5-dev_0.26.5-2+deb8u8_amd64.deb 628fa573446bc47812eef65eb6fd2a01091900ed7223e49998094ce59e85aae4 45376 libpoppler-cpp0_0.26.5-2+deb8u8_amd64.deb cb719603815a3fa5c62e90e8aec2c62674cafedfaf6a7bc70001e532afcfa4a8 49814 libpoppler-cpp-dev_0.26.5-2+deb8u8_amd64.deb 2ab227878de3c7e85403c557658f8458766c1d0d36caa7160c8715c0cb762635 141270 poppler-utils_0.26.5-2+deb8u8_amd64.deb 0e23bd067383c284de1ec7085250aa23f5d7daf4dee6dd09dbb39356ecd66c01 7686250 poppler-dbg_0.26.5-2+deb8u8_amd64.deb Files: 3d1413e69c24907756dcfe806686506e 3525 devel optional poppler_0.26.5-2+deb8u8.dsc 8269bc40ad2711dc4cbd9ab4f19e0f42 43452 devel optional poppler_0.26.5-2+deb8u8.debian.tar.xz 801769c64f619d0ccd93148dafd3dfb4 1212806 libs optional libpoppler46_0.26.5-2+deb8u8_amd64.deb 2e3654c2102c006d49b753bf26e15688 766740 libdevel optional libpoppler-dev_0.26.5-2+deb8u8_amd64.deb 29670b6c6b74d83ee815a6da1f1becab 180900 libdevel optional libpoppler-private-dev_0.26.5-2+deb8u8_amd64.deb 6493a3b171d8c45d37f5cb9a46affaa5 122968 libs optional libpoppler-glib8_0.26.5-2+deb8u8_amd64.deb 145f23006fe2a07d19fa46b9919b9085 163494 libdevel optional libpoppler-glib-dev_0.26.5-2+deb8u8_amd64.deb 7a66d5aac8a78c71a65de91f15051517 86382 doc optional libpoppler-glib-doc_0.26.5-2+deb8u8_all.deb 8355857025acdf3cc151d93278ef58f3 34802 introspection optional gir1.2-poppler-0.18_0.26.5-2+deb8u8_amd64.deb d924fb0364113cc6f1cc911f4545b957 128156 libs optional libpoppler-qt4-4_0.26.5-2+deb8u8_amd64.deb 72f1d78d55f5513a8f51699302e03b31 159172 libdevel optional libpoppler-qt4-dev_0.26.5-2+deb8u8_amd64.deb fc018058523acf8599ab51a0fe0cb686 132334 libs optional libpoppler-qt5-1_0.26.5-2+deb8u8_amd64.deb 3f64c38792009828e09988bc4f890539 166506 libdevel optional libpoppler-qt5-dev_0.26.5-2+deb8u8_amd64.deb e7cc486c3c0a3da5792e1ba05bd38110 45376 libs optional libpoppler-cpp0_0.26.5-2+deb8u8_amd64.deb beb298250107488defb6343bef5a1d4b 49814 libdevel optional libpoppler-cpp-dev_0.26.5-2+deb8u8_amd64.deb d705493680ae60485adc528e64fb61c3 141270 utils optional poppler-utils_0.26.5-2+deb8u8_amd64.deb 06df19d1a92b18837210e89a9e0cb792 7686250 debug extra poppler-dbg_0.26.5-2+deb8u8_amd64.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlyCsexfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk7lgP/jF6cRrTGvXNEhQ4TI1u3TXA9hytzobGMMTM fwUQxfjcL9ndJB/fX/c069NlkqzSV6UqLwrEYbsdDf0Kvj+D6YWd0LNgPsi0U3n6 wTkXfbieWU+q967JzjUoEu6DgGBgy9lrxnB6g71ahvI4TGinK4k7bGZROpqBY+SW 24P12J7w+msAJdaqWTazSkJifwJYwF4/8nJCbORpQlRkKtktJKxRe6nNzVuHxRXM 1I+CDZAn0mLYpVlcpRiXqwX69R2bDAzd1vY7vogLqhJGE+w0tlT77sDMsc0e6Y2Q pJzqjJdLGbFDdFYIb3n+ylZKkHP2xifmxSzjn+iZfoPqpVf0D4sFNzuKIQj7nR1J CKmnDMB2l+TOwwyVm8c1FLSqnP1+bRdqXrxlnbCa9ul0mpQZnj4xu0DLrrMX9lim QKZtb8eHtcpqRjb5j3wkelsExwGUedt4axB6b7Learh6rbESH1USP1x7Z75ah5VM nM/oiEGXWVFpALSo9xeDGAkgWLMkMh9/2tJdwM2RWo1M4H1Y0d02jIIS15OZsXER eLd+3VlP3ktbsgumQCIFQvNxfJzWQ3Jq0skWi1t7RA9LktsgAle1wmzOtRpaQuxs jyq9hbTILgdg8dTsW6NcTRYOgoWsw5LtV4Diiy4U73Dx8pRzbmcl0Nnkr0HieeK2 M0HTyyd/ =Rkv0 -----END PGP SIGNATURE-----