-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 18 Oct 2023 06:58:22 -0400 Source: qpdf Architecture: source Version: 11.3.0-1+deb12u1 Distribution: bookworm Urgency: medium Maintainer: Jay Berkenbilt <qjb@debian.org> Changed-By: Jay Berkenbilt <qjb@debian.org> Closes: 1054158 Changes: qpdf (11.3.0-1+deb12u1) bookworm; urgency=medium . * Fix data loss bug introduced in 11.0.0 and fixed in 11.6.3. The bug causes the qpdf tokenizer to discard the character after a one-digit or two-digit quoted octal string. Most writers don't create these, and they are rare outside of content streams. By default, qpdf doesn't parse content streams. The most common place for this to occur would be in a document's /ID string, but in the worst case, this bug could cause silent damage to some strings in a PDF file's metadata, such as bookmark names or form field values. (Closes: #1054158) Checksums-Sha1: 49f82f23d89acf28e29d84eadb9eb18414425eb6 2216 qpdf_11.3.0-1+deb12u1.dsc 227420eb5c69efded9bdefc72e22c5cc5f2618f0 14864 qpdf_11.3.0-1+deb12u1.debian.tar.xz 097e13c0be06c721ee7635567cc5e1dbe8274d75 8300 qpdf_11.3.0-1+deb12u1_amd64.buildinfo Checksums-Sha256: ecc031498331265c118c477eb88dab969ece147f4a9f9b0a616cb217df58fddb 2216 qpdf_11.3.0-1+deb12u1.dsc e7e1baa90d9d90ab651df0951b1c0bdbfcad8831afe279a2d8990a6149ce8523 14864 qpdf_11.3.0-1+deb12u1.debian.tar.xz 29b9ff65cb9973b28901c87767c35ab4c3bdf9a448f3b9946f86f0fd53190f2f 8300 qpdf_11.3.0-1+deb12u1_amd64.buildinfo Files: 99e8969a189925b29bffe68c2b49c199 2216 libs optional qpdf_11.3.0-1+deb12u1.dsc d6309e1d617a65a8574d2b99bcc89708 14864 libs optional qpdf_11.3.0-1+deb12u1.debian.tar.xz c656e46cb3c655849803d1d6e3223895 8300 libs optional qpdf_11.3.0-1+deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJDBAEBCAAtFiEEwslrEAEf4Anm0d+CinXRCZgBLH4FAmUv+bUPHHFqYkBkZWJp YW4ub3JnAAoJEIp10QmYASx+Ve8P+weIY2SzWtl9Fytzw+V99y10TwbDDHdCQuV8 Eulf7P9ys2rETgUyurdxH7KFtKTA1mLuQ/RUqMM9lbPTpoc73IZ5NfJavnL5Zz6q mur3VqX+bzBFxZzsQ6NS9Ab9Ik5G67GZb9LBydAtFYIunT1ZcBQ8f+pcrQx6MLe5 i8tTU2g9l7DOK/7H2aa2gBJS4FowKvuRKQN8i1L4iMibF7euUDnltDqqE+OyZsT6 H2C8hmlWeI4emFasTSihDMHGkHX6ByHOzK53Nz1ooBFi8XRQUUkXY7+eZhU1Myg9 U2p3UudaIRCJV2l1fSALVIo1vccuoycmJepCWQFI2rTDs578AxHrdDZMe+u0m0qQ ++tSU9rQVfaak/w1HaDtA2w3LF0UfSKTfxLK7hCydbMaZkw7FHaeNxyhHPj1kbI5 WOe9IAtY0hhmoAOL2cUaspHwlTC+uXQodf1IzmDvpxX1XsCTfnm0wTgbSlmIdFGO WFDnpELC6z2S6KVQBnlcoySzMOWeGJ6huMni156YKACUcdv18e28wVPuL6KL8BOL WEV4EtdZeKqDlH3wu5t1AFCjcXWmbMfl6u/7m+1SO+37+99Xc67aJg/B4ooNe1q7 GBP+9WJKeFzYn+mt6hfhRCK8ibLWcGHO5pdLkYdH0RCryythUqeYjZn8pUi7SlCM fvjtSHs4 =My+w -----END PGP SIGNATURE-----
