-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 03 Sep 2022 22:02:48 +0200 Source: poppler Architecture: source Version: 20.09.0-3.1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1010695 1018971 Changes: poppler (20.09.0-3.1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * Hints::readTables: bail out if we run out of file when reading (CVE-2022-27337) (Closes: #1010695) * JBIG2Stream: Fix crash on broken file (CVE-2022-38784) (Closes: #1018971) Checksums-Sha1: 03834356afa669b3baf57836cb302163ca9448f6 3435 poppler_20.09.0-3.1+deb11u1.dsc 6ddce8fabce47d8c35ad602cb3ca2cfcef423dd9 1642932 poppler_20.09.0.orig.tar.xz 8259808ddac545592dc6a8f81020e0fc9f32cd6c 35228 poppler_20.09.0-3.1+deb11u1.debian.tar.xz fa128e73076bf452930669389ebe34b0ccae705f 7828 poppler_20.09.0-3.1+deb11u1_source.buildinfo Checksums-Sha256: f257d924e41bf7f8122e7ade844b9da40a08701b382c65ae012d70ae141dbb50 3435 poppler_20.09.0-3.1+deb11u1.dsc 4ed6eb5ddc4c37f2435c9d78ff9c7c4036455aea3507d1ce8400070aab745363 1642932 poppler_20.09.0.orig.tar.xz e5cadf157ade0d2d93d278f2bd25fdf2caadcc963b99bd5ff59cb24be8bd43d2 35228 poppler_20.09.0-3.1+deb11u1.debian.tar.xz d31e23d23ca08e68ca625a3b0f11133e7d9d876d41e266b287c7c17f4d020296 7828 poppler_20.09.0-3.1+deb11u1_source.buildinfo Files: 03d2deb3aa6dd81b7db3108c1e097ee4 3435 devel optional poppler_20.09.0-3.1+deb11u1.dsc 969328317ed60213f78b3502b074b72e 1642932 devel optional poppler_20.09.0.orig.tar.xz 9db3a79ba9b2e9246da56e78caf7fb4c 35228 devel optional poppler_20.09.0-3.1+deb11u1.debian.tar.xz 479fe47ad5f6d1379496b7283de3bfc4 7828 devel optional poppler_20.09.0-3.1+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmMTs5FfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89ESS8P/3ZgoyGDxEXsQ2l0msSo9xucZazNTfJ1 81LV0bTKR8Z63ZRxPAr4HzhYEAw2rQrmh8aiQQfxWHTcXTSn7WRZ80odjFZmq0Qp k5aT3WPZdVcuaDof3IO1p+5ycdmVyGYhkKjWEfIhtPU5u2z4Ui5RClyscteICevH kxUQ+6aXiOkdiiHRiC3eEF9NJ3GSz7FiBxlyc9l/uEviSPqq5UEKZZdO/X+MheMR HZXbGuxAgVqB+pLIWnR7eJUP78qPixLvpZ3eCLaWnL0NvGdtDhqZUFokBZZ1ZwHr FqyKlB/p0NAZ4NMs5dUY6Xdpc1KvZqh3DdEVGg91++aRfqGCqn+uPob9gyua05lY 9bmg1S05Erv+qzJSLjBG++54gd4eFqhLLQ2IOMPqk2Zlaz4GRcg7PhgZ1KZssUpp maKoMAVhiN7pPlaUTlu+Q2fHXjSONWVpQeVgh9brrsHnmfc8bhwetyo+Dmt2340+ 0mtKrvk4SMyoB94cZwMh7YoB35LJ7uS70QmZHSyXSY+Y6JW3LXmZYWMd5jqsmL+u WQ4CYCD2gd9PH7cWweD8e39cU1UtecDs4bQbdnHI+i5yeNWvPOjp7qcbRWZ+fcFv ZSLtNEAlALfTdEE61O0sML6hmUu8T6qtqvHvvr426pYoJNMZqZGHVFCvVNF/Xpf5 RrW4Dlk3fWNe =tehu -----END PGP SIGNATURE-----