-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 27 Apr 2025 21:34:52 +0300 Source: poppler Architecture: source Version: 20.09.0-3.1+deb11u2 Distribution: bullseye-security Urgency: medium Maintainer: Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org> Changed-By: Adrian Bunk <bunk@debian.org> Changes: poppler (20.09.0-3.1+deb11u2) bullseye-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2020-36023: Infinite loop in FoFiType1C::cvtGlyph * CVE-2020-36024: NULL dereference in FoFiType1C::convertToType1 * CVE-2022-37050: Crash in PDFDoc::savePageAs * CVE-2022-37051: Crash in the pdfunite tool * CVE-2022-37052: Reachable assert on XRef::add failure * CVE-2022-38349: pdfunite crash on broken files * CVE-2024-56378: Out-of-bounds read in JBIG2Bitmap::combine * CVE-2025-32364: Floating point exception in PSStack::roll * CVE-2025-32365: Out-of-bounds read in JBIG2:Bitmap::combine Checksums-Sha1: 8a070bf5ee8a15a1cba0688e62995925a5692d96 3280 poppler_20.09.0-3.1+deb11u2.dsc 6ddce8fabce47d8c35ad602cb3ca2cfcef423dd9 1642932 poppler_20.09.0.orig.tar.xz 4609182514e4d5f5273f6dd4ef587f4912103a2a 41040 poppler_20.09.0-3.1+deb11u2.debian.tar.xz Checksums-Sha256: c946c6ebeba9d739e30135c845ec006d83b996cd2a2599cd88526ac2b1f35fa5 3280 poppler_20.09.0-3.1+deb11u2.dsc 4ed6eb5ddc4c37f2435c9d78ff9c7c4036455aea3507d1ce8400070aab745363 1642932 poppler_20.09.0.orig.tar.xz bb95dbdac69931e3adc903346816ea891da363a1972f06b814c2d86298dbff3a 41040 poppler_20.09.0-3.1+deb11u2.debian.tar.xz Files: 75055688aee4855e64b2b8cb4e22d818 3280 devel optional poppler_20.09.0-3.1+deb11u2.dsc 969328317ed60213f78b3502b074b72e 1642932 devel optional poppler_20.09.0.orig.tar.xz 477c158354399cd9b92cee9383d4a9b3 41040 devel optional poppler_20.09.0-3.1+deb11u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmgPPmwACgkQiNJCh6LY mLG8gQ//b73wfj6sOjJED7DuRwVsJ1QCqPpyFifEpCQM6dHKYJeMKCLfh1UU4Tp8 kWlS9ptbW1HSuiZm58Zjbe7dQV+E0BNnXKvtwZk0cROfPZYeAhlISZryIaQHescT Ex2lEi5E8lPTZYNgySOma+fNgm/MoHG4Qn6n2WK1SY5Re8lIUgkF/3eujxrxxLo5 /g6nzqglHtJSPNcNcB7Fg8CuxB9gqO+tMfBpXFEa57YdkpqKE/t82O7mgrVFc9Vi shM8v5anlp4RFep+bkfPCCvpp37pyt++DrmmR2SkyFeQExxTQB93O1so8OlrHqPk hfeCCbCALE0rl9X/oBpHxvdsiELddFExCZAlCEjwBfsTMTLM9NAMTDceEhNW0RPA BRbjBh2QpzW9wXz87iB6KPXGairFR3RclQgkgk57bUQygUJenc7wMC3DKxS/DrE0 hiT4LfML4X+n2xljabTck6Os75Vw6eQtlTC8EXxZQYFswDpukDTy/kPYqA5YzlgZ DD3CxSqYUZT95se0NN3Wcklv3dRRmOf5BfR+AisY+liUbLrPgOUgVxbYe3xNBDNM G4SnfttTSSOuNyIQ18eu/yy6q9ZnIBM8Sys3izMt9ehrSoR/yu1GQ4/x+0vEt9Ic wcHNzaqYSfYykmow6997PDeGYhTktfHmBplGTVqL3QLekWMKtKs= =A+hk -----END PGP SIGNATURE-----
