-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 08 Jan 2026 10:49:51 -0800 Source: pdfminer Architecture: source Version: 20200726-1+deb11u2 Distribution: bullseye-security Urgency: high Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Closes: 1120642 Changes: pdfminer (20200726-1+deb11u2) bullseye-security; urgency=high . * Non-maintainer upload by the Debian LTS team. * CVE-2025-64512: Replace the fix for an arbitrary code execution issue where a malicous, zipped pickle could have contained code that would have automatically executed. Upstream determined that the previous mitigation (uploaded with 20200726-1+deb11u1 via DLA-4374-1) was insufficient; this updated fix entirely replaces the pickle-based mechanism with a safer JSON-based one. (Closes: #1120642) Checksums-Sha1: afb96b586d7fe27d315790d783f695260a7352f0 2370 pdfminer_20200726-1+deb11u2.dsc 137ac25168d3a25cb437b5004d089bd4eea2e0d2 5132764 pdfminer_20200726.orig.tar.xz 64a342ec5c82e1bc8f46f9b2c0d78ffa94375676 15092 pdfminer_20200726-1+deb11u2.debian.tar.xz b057972044f10a327c234ce03e25fc1e5ffcbf45 5523 pdfminer_20200726-1+deb11u2_source.buildinfo Checksums-Sha256: 6beaaadc252e863c42e30c3194f21a2faefd64b9a68944746e8fcecdb8260615 2370 pdfminer_20200726-1+deb11u2.dsc 970e7b06215c9a9d770af1dba9378f7ffffee7dd386e2926d0eee07a4114a6f1 5132764 pdfminer_20200726.orig.tar.xz ca67c796b1fe94fb6deeb4b67e06c6ff50cbab21dfb8ad2bdb3394cfb4191e48 15092 pdfminer_20200726-1+deb11u2.debian.tar.xz a3efe110c26b79d900fe67eaba885df821eca1db58a6b78b0314dce204667b37 5523 pdfminer_20200726-1+deb11u2_source.buildinfo Files: ea27dfa29f674e746fcc89a45d5f98c6 2370 python optional pdfminer_20200726-1+deb11u2.dsc cbab64f3d5331676a955dc24f51a0355 5132764 python optional pdfminer_20200726.orig.tar.xz 52efa8c748b692d1dd035719b07aa6cc 15092 python optional pdfminer_20200726-1+deb11u2.debian.tar.xz acafc3be597e80d38c5fb5319490e59d 5523 python optional pdfminer_20200726-1+deb11u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmlgA8AACgkQHpU+J9Qx HlhVtA//Sto6u/iDmdBOlKCj4C1Yd6P5k9YNfm2M056Dm9nBzUImiu9vlwo90j3A cG2THtsfm5Z0b9G/jaBs533R0qirtTUfaifpYPwxhg9NyDWeFZDQc2NXQAC5Aud3 V0Hmg1O2m9zytewB4N1K3QaWLYlsQzDuI7xRsFUVDy2dxl+6iwpCfYseWYh1PGfG iwtH1Y8NvX0dp8Vm66J9h2NpH8zzbNrtB/zUSUEbWiSv7RzzBfBg7ITPp9PI+X5y GAv3gc1EVo3Fsm625y/RzWXSv0Q6QICnIrFmWdRkzH2jpn8FeBfXO8XAoid0xh5J wi2cOO/424p4AQh5j4bfrn5ev6GfHkEJbi80MCMkLU1RcSf1mL/jChlU5gncK33Z sl18DM74ssHN5vVAYD2gLEKCDtTY0UuI/wP+z2+7W/2gn6NmCVRBAp6FJjyx79KD lNbuFaMQDuZFZ9Ry0Xwx+TcFG3g//aPmj0zJDnr6b0bgf8cDFsumuuX8SN2DhxPi fhh83a1XBMhbugaXuebyLVhuMqlmIKNB/fBRQeLLLKefdkMWeHTxxTlrM2u/+6S+ hU37smP1aJBEbtNtF4mJATCNcMK+zW+ZBCWP5DUSf4TUS6LfGLYGNZNETM/Y6Vzn +teLEVZnADPTJ3zhR1YuJ+QKfZJwKJaMFJCb5tGvVp120Su8Dvs= =NcaX -----END PGP SIGNATURE-----
