Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted poppler 25.03.0-3 (source) into unstable
Date: Mon, 07 Apr 2025 15:38:05 +0000
Signed by: Jeremy Bicha <jeremy.bicha@canonical.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 07 Apr 2025 11:11:10 -0400
Source: poppler
Built-For-Profiles: noudeb
Architecture: source
Version: 25.03.0-3
Distribution: unstable
Urgency: high
Maintainer: Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>
Changed-By: Jeremy Bícha <jbicha@ubuntu.com>
Closes: 1102190 1102191
Launchpad-Bugs-Fixed: 2106404
Changes:
 poppler (25.03.0-3) unstable; urgency=high
 .
   * Team upload
   * SECURITY UPDATE: floating-point exception vulnerability (Closes: #1102190)
      - Cherry-pick upstream fix for the PSStack::roll function
        in Function.cc
      - CVE-2025-32364
   * SECURITY UPDATE: out-of-bounds read vulnerability (Closes: #1102191)
      - Cherry-pick upstream fix for the JBIG2Bitmap::combine function
        in JBIG2Stream.cc (LP: #2106404)
      - CVE-2025-32365
Checksums-Sha1:
 baca1fae9ce2e401afbfa3b25b0899aa17fec319 3934 poppler_25.03.0-3.dsc
 fe819d0fb836f79a176656aea56b944fba779cd3 40588 poppler_25.03.0-3.debian.tar.xz
 0b4a64156fa522dafa0d03afd4acdbb3a6e5818d 16762 poppler_25.03.0-3_source.buildinfo
Checksums-Sha256:
 160dc0ad33758ca34ceb29283c6cab14f79b8034c4afee3034a4154557c9d90a 3934 poppler_25.03.0-3.dsc
 57f8c465d70450c204ceb0d794bdc2846431c4faf3bd861ec108866fea158c4e 40588 poppler_25.03.0-3.debian.tar.xz
 f7fabd3cbf406c27acf82bf747c4df0943b7d852a0ac42eea5b1883306d15c8d 16762 poppler_25.03.0-3_source.buildinfo
Files:
 9ec300749a2c4aa8cfd5372e64fb7f1a 3934 devel optional poppler_25.03.0-3.dsc
 bf32c70c2ef604d71852f56c03dcf9e0 40588 devel optional poppler_25.03.0-3.debian.tar.xz
 78ca2045cef78a229b8803534c27f833 16762 devel optional poppler_25.03.0-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmfz7hoACgkQ5mx3Wuv+
bH2fMA//Ulou2CydTb6hyFyN9hDNN1C3sLU52n8hCq8LbqHjiFWBIMCQJ3KPM3W3
s6/KS0YqCjB5WVoWO89nHamQdQpYW1RpFzHFQfhc9MFjTs3XnRG/p+X8K3jqnL/v
YYqD/0ZqI4a43BT1JxrexTvgN+PLZcPSUPZKbIcOyTDiZrykMUR+ON26X4NutEQ2
NkuzR17cw3WbFqCRYd9SqLd8nJr67fG67avFUz1bjGDvgjQ4SafB7BKykR3BnTm4
rSyz4ZPP4sSonbAHzbM567N2hdxUKd4xnVYkAsb1YpHb9r3WTLFNDEYk3HPV8QdM
vQxrUe5Qla9ZtRq0CR4/2GiuNDT1nl0kyD1EyuZ4F06k/meqz3S6JPyB4wVIzxgP
ze2bsQwNtIqpHxTeQYo4ff/kDCl4sobV3VH45DC8cx6IRlDR/nQLIiXtKzoJLQhQ
4BN+v9FNQCoe4HyHnVUDky2KoLUrNMub66oUpwc3sv3MUS2p38daBcwh/UZ8rndf
HiJilQk1BjCvCt3aU1ZJVch+pgqv00ErsDTaqHz17SzCDiBkHqPOM7FGwltTS6SS
o7t7y4kWHh3qds8SpZE/l9LoSSbwGyLV8SMwsoJvAgMcfBN7yY0ELkqL9NV0bLz7
2aigan+AxypRfwMjzrkTzgC440bsVGhwtVtUq0gdJ1S/gm9nRtg=
=tEBl
-----END PGP SIGNATURE-----

News for package poppler