-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 23 Dec 2005 16:36:30 +0100
Source: poppler
Binary: libpoppler-glib-dev libpoppler0c2-qt libpoppler-qt-dev libpoppler-dev libpoppler0c2-glib libpoppler0c2
Architecture: source i386
Version: 0.4.2-1.1
Distribution: unstable
Urgency: high
Maintainer: Changwoo Ryu <cwryu@debian.org>
Changed-By: Frank Küster <frank@debian.org>
Description:
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-qt-dev - PDF rendering library -- development files (Qt interface)
 libpoppler0c2 - PDF rendering library
 libpoppler0c2-glib - PDF rendering library (GLib-based shared library)
 libpoppler0c2-qt - PDF rendering library (Qt-based shared library)
Closes: 342288
Changes:
 poppler (0.4.2-1.1) unstable; urgency=high
 .
   * SECURITY UPDATE: Multiple integer/buffer overflows.
 .
   * NMU to fix RC security bug (closes: #342288)
   * Add debian/patches/04_CVE-2005-3191_2_3.patch taken from Ubuntu, thanks to
     Martin Pitt:
   * poppler/Stream.cc, DCTStream::readBaselineSOF(),
     DCTStream::readProgressiveSOF(), DCTStream::readScanInfo():
     - Check numComps for invalid values.
     - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
     - CVE-2005-3191
   * poppler/Stream.cc, StreamPredictor::StreamPredictor():
     - Check rowBytes for invalid values.
     - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
     - CVE-2005-3192
   * poppler/JPXStream.cc, JPXStream::readCodestream():
     - Check img.nXTiles * img.nYTiles for integer overflow.
     - http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities
     - CVE-2005-3193
Files:
 fa5985bf510c5dc3793156b056cc78a4 1750 devel optional poppler_0.4.2-1.1.dsc
 384879819f5e5dca860ddb639729bc86 5859 devel optional poppler_0.4.2-1.1.diff.gz
 0247cf16c73b8b62ef757d96daf30897 432912 libs optional libpoppler0c2_0.4.2-1.1_i386.deb
 beaa0aa70ca97108c1b997c1cb14cd79 578472 libdevel optional libpoppler-dev_0.4.2-1.1_i386.deb
 78fc2dcc40d9e3c35a75248dcdac06f3 38076 libs optional libpoppler0c2-glib_0.4.2-1.1_i386.deb
 c5234e6480d01d1598de712269db17d8 41794 libdevel optional libpoppler-glib-dev_0.4.2-1.1_i386.deb
 a1c780d7a092ae6c0981c3d6ae670d60 26566 libs optional libpoppler0c2-qt_0.4.2-1.1_i386.deb
 48fafdd9dea81ca896648aa27dc57539 27540 libdevel optional libpoppler-qt-dev_0.4.2-1.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDrB+T+xs9YyJS+hoRAkGeAKCGNO5wdGYnEkfuL1m1R5jwVgpeyACgjjbu
pxGJG86s2jzHK+Gk5h/6WcM=
=sW6p
-----END PGP SIGNATURE-----

Accepted:
libpoppler-dev_0.4.2-1.1_i386.deb
  to pool/main/p/poppler/libpoppler-dev_0.4.2-1.1_i386.deb
libpoppler-glib-dev_0.4.2-1.1_i386.deb
  to pool/main/p/poppler/libpoppler-glib-dev_0.4.2-1.1_i386.deb
libpoppler-qt-dev_0.4.2-1.1_i386.deb
  to pool/main/p/poppler/libpoppler-qt-dev_0.4.2-1.1_i386.deb
libpoppler0c2-glib_0.4.2-1.1_i386.deb
  to pool/main/p/poppler/libpoppler0c2-glib_0.4.2-1.1_i386.deb
libpoppler0c2-qt_0.4.2-1.1_i386.deb
  to pool/main/p/poppler/libpoppler0c2-qt_0.4.2-1.1_i386.deb
libpoppler0c2_0.4.2-1.1_i386.deb
  to pool/main/p/poppler/libpoppler0c2_0.4.2-1.1_i386.deb
poppler_0.4.2-1.1.diff.gz
  to pool/main/p/poppler/poppler_0.4.2-1.1.diff.gz
poppler_0.4.2-1.1.dsc
  to pool/main/p/poppler/poppler_0.4.2-1.1.dsc