-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 5 Jan 2006 14:54:44 +0100 Source: poppler Binary: libpoppler-glib-dev poppler-utils libpoppler0c2-qt libpoppler-qt-dev libpoppler-dev libpoppler0c2-glib libpoppler0c2 Architecture: source i386 Version: 0.4.3-2 Distribution: unstable Urgency: high Maintainer: Ondřej Surý <ondrej@debian.org> Changed-By: Ondřej Surý <ondrej@debian.org> Description: libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-qt-dev - PDF rendering library -- development files (Qt interface) libpoppler0c2 - PDF rendering library libpoppler0c2-glib - PDF rendering library (GLib-based shared library) libpoppler0c2-qt - PDF rendering library (Qt-based shared library) poppler-utils - PDF utilitites (based on libpoppler) Closes: 346076 Changes: poppler (0.4.3-2) unstable; urgency=high . [ Martin Pitt ] * SECURITY UPDATE: Multiple integer/buffer overflows. * Add debian/patches/003-CVE-2005-3624_5_7.patch: - poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream(): + Check columns for negative or large values. + CVE-2005-3624 - poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch: + Reset numComps to 0 since it's a global variable that is used later. + CVE-2005-3627 - poppler/Stream.cc, DCTStream::readHuffmanTables(): + Fix out of bounds array access in Huffman tables. + CVE-2005-3627 - poppler/Stream.cc, DCTStream::readMarker(): + Check for EOF in while loop to prevent endless loops. + CVE-2005-3625 - poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg(): + Check user supplied width and height against invalid values. + Allocate one extra byte to prevent out of bounds access in combine(). * Add debian/patches/004-fix-CVE-2005-3192.patch: - Fix nVals int overflow check in StreamPredictor::StreamPredictor(). - Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514. . [ Ondřej Surý ] * Merge changes from Ubuntu (Closes: #346076). * Enable Cairo output again. Files: 85bd59f9761a5fc51ee67850f3f8eb84 1730 devel optional poppler_0.4.3-2.dsc 4fb9555f5711c80b3caeb6df7c0913de 124328 devel optional poppler_0.4.3-2.diff.gz f6909f0d5cba133ce384f74cee24f339 433928 libs optional libpoppler0c2_0.4.3-2_i386.deb 671deea9a7e0cb48bb4c2799f892d8c7 579738 libdevel optional libpoppler-dev_0.4.3-2_i386.deb 516d02d25fdc8232c7d321206e78cee6 39160 libs optional libpoppler0c2-glib_0.4.3-2_i386.deb cccb06aae626847a2a050fc6d762c1ac 42946 libdevel optional libpoppler-glib-dev_0.4.3-2_i386.deb a8080202edd1eae7f73aec5a7ead7608 27666 libs optional libpoppler0c2-qt_0.4.3-2_i386.deb debd121e260aacc1a3ae3e454f0109f9 28644 libdevel optional libpoppler-qt-dev_0.4.3-2_i386.deb c727731728e2593f2ff495a9aefdcf8a 79482 utils optional poppler-utils_0.4.3-2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDvSbE9OZqfMIN8nMRAj9mAJ4gbjNrYS9I9mrGiI+0jIP35s2dtgCfUAEO 50aIKYptzQhsGXOV0dy3cDA= =q+1o -----END PGP SIGNATURE----- Accepted: libpoppler-dev_0.4.3-2_i386.deb to pool/main/p/poppler/libpoppler-dev_0.4.3-2_i386.deb libpoppler-glib-dev_0.4.3-2_i386.deb to pool/main/p/poppler/libpoppler-glib-dev_0.4.3-2_i386.deb libpoppler-qt-dev_0.4.3-2_i386.deb to pool/main/p/poppler/libpoppler-qt-dev_0.4.3-2_i386.deb libpoppler0c2-glib_0.4.3-2_i386.deb to pool/main/p/poppler/libpoppler0c2-glib_0.4.3-2_i386.deb libpoppler0c2-qt_0.4.3-2_i386.deb to pool/main/p/poppler/libpoppler0c2-qt_0.4.3-2_i386.deb libpoppler0c2_0.4.3-2_i386.deb to pool/main/p/poppler/libpoppler0c2_0.4.3-2_i386.deb poppler-utils_0.4.3-2_i386.deb to pool/main/p/poppler/poppler-utils_0.4.3-2_i386.deb poppler_0.4.3-2.diff.gz to pool/main/p/poppler/poppler_0.4.3-2.diff.gz poppler_0.4.3-2.dsc to pool/main/p/poppler/poppler_0.4.3-2.dsc
