Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted poppler 25.03.0-5+deb13u3 (source) into stable-security
Date: Tue, 09 Jun 2026 21:12:44 +0000
Signed by: Salvatore Bonaccorso <carnil@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 06 Jun 2026 11:07:43 +0200
Source: poppler
Architecture: source
Version: 25.03.0-5+deb13u3
Distribution: trixie-security
Urgency: high
Maintainer: Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1117046 1117853 1138708
Changes:
 poppler (25.03.0-5+deb13u3) trixie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * SplashOutputDev: Fix integer overflow in tilingPatternFill (CVE-2026-10118)
     (Closes: #1138708)
   * Make sure regex doesn't stack overflow by limiting it (CVE-2025-43718)
     (Closes: #1117046)
   * Check for duplicate entries (CVE-2025-52885) (Closes: #1117853)
Checksums-Sha1:
 8b17e8eeb60c2fb37a25ce36fc7bcfc095678a13 4121 poppler_25.03.0-5+deb13u3.dsc
 ee5041be2a6bd6b6e5627776c7c82b788e238f58 1954516 poppler_25.03.0.orig.tar.xz
 cb74cff2ea515391ee267c81a926b0ece4a14991 43964 poppler_25.03.0-5+deb13u3.debian.tar.xz
 4f393b77eeecfaebbf22a1d38ac3d75654911d6b 6752 poppler_25.03.0-5+deb13u3_source.buildinfo
Checksums-Sha256:
 4c867dedb90253a5693832f2187ee00cc4db1c997c7573f2289e4048480ff1f9 4121 poppler_25.03.0-5+deb13u3.dsc
 97da4ff88517a6bbd729529f195f85c8d7a0c3bb4a3d57cb0c685cbb052fe837 1954516 poppler_25.03.0.orig.tar.xz
 1234f92a2cbf5dafc80f34b51e98d1d79011fd51072744109c0f5c2aff32c658 43964 poppler_25.03.0-5+deb13u3.debian.tar.xz
 d6145e8aefdd9df8b648e5117de0b55571d15fa89a8b2718351c0354b3789c4a 6752 poppler_25.03.0-5+deb13u3_source.buildinfo
Files:
 58612a17225657930e99712d758f4a68 4121 devel optional poppler_25.03.0-5+deb13u3.dsc
 21bb345c070ab16d7cd3bafcd513cc02 1954516 devel optional poppler_25.03.0.orig.tar.xz
 561810f6047d557cd24c78cfd2f69f96 43964 devel optional poppler_25.03.0-5+deb13u3.debian.tar.xz
 4109a65dfb6a5ee70c2fe7d801a0846e 6752 devel optional poppler_25.03.0-5+deb13u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmokO0dfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89Ebc4P/3j31hUaSEt4mDqRErLcG+N/ZGz90An6
7j8gu1FUIpFFLLVXLJNgyHBNdNrpwrwB/KTrS5zBKY1i6YdNDql3C7YnunlPLANM
DMnsQYejHklGBQoMbzP4PK0FIrLjHt/KkqyNr9JbDPZ7hCS6jJJfVpHT8EtCLlfQ
WwUWcuwpIzUuauLjg3FeQHFAlWLhSQZDeghHbiQwkzb4O6E0RdEHTG39wlByfq4+
IrnwIzeowbtM01OfoTILJ/wK9HAsspNAfROXnVJLZ6W1REYXOQ0Ys0+ZBAiJLUOB
vcOfRm/IcNBeKOaLHnJuc9F/355xacMFpZrgdCsPaDer1GhOv712h6g8+nrWwpN7
8UMcJmcUJDBS9E7Z/z5R28UVtxk/7FsA9Jgg4aO4At70MTSr+kLCF/tSjLIlxLMY
e0v82K+YC407ZsvliUIh4QA7nvr92mBDYQ1vX+zsvqkon8bS/nSmAd5OtUzvQJgW
QWq19XF79kvqX1JemXN2YN5/dHL1zTh7hAzyuUzkAWiRVq7gedd7xR0YhGoFAct0
k794rTiaSXlkdafGUxrVv3AQ+2CufoArs4iB+SUOAXey94rG0mHDYlzUx4uIFirM
AWGJnzixcSf6Ca0fi71WPOuHfky2ATmc6Cr0uS4u9BVUKkGCyE3HAEenIEuvPSth
9kf//BntPfoH
=bOAU
-----END PGP SIGNATURE-----
News for package poppler
