Debian Package Tracker

From: Markus Koschany <apo@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted poppler 0.18.4-6+deb7u4 (source amd64) into oldoldstable
Date: Sat, 18 Nov 2017 17:50:24 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Nov 2017 18:02:11 +0100
Source: poppler
Binary: libpoppler19 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev gir1.2-poppler-0.18 libpoppler-qt4-3 libpoppler-qt4-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg
Architecture: source amd64
Version: 0.18.4-6+deb7u4
Distribution: wheezy-security
Urgency: high
Maintainer: Loic Minier <lool@dooz.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 gir1.2-poppler-0.18 - GObject introspection data for poppler-glib
 libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface)
 libpoppler-cpp0 - PDF rendering library (CPP shared library)
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-glib8 - PDF rendering library (GLib-based shared library)
 libpoppler-private-dev - PDF rendering library -- private development files
 libpoppler-qt4-3 - PDF rendering library (Qt 4 based shared library)
 libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface)
 libpoppler19 - PDF rendering library
 poppler-dbg - PDF rendering library -- debugging symbols
 poppler-utils - PDF utilities (based on Poppler)
Changes: 
 poppler (0.18.4-6+deb7u4) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix the following CVEs:
     - CVE-2017-15565: NULL Pointer Dereference exists in the
       GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF
       document.
     - CVE-2017-14977: The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc
       has a NULL pointer dereference vulnerability due to lack of validation
       of a table pointer, which allows an attacker to launch a denial of
       service attack.
     - CVE-2017-14976: The FoFiType1C::convertToType0 function in FoFiType1C.cc
       has a heap-based buffer over-read vulnerability if an out-of-bounds font
       dictionary index is encountered, which allows an attacker to launch a
       denial of service attack.
     - CVE-2017-14975: The FoFiType1C::convertToType0 function in FoFiType1C.cc
       has a NULL pointer dereference vulnerability because a data structure is
       not initialized, which allows an attacker to launch a denial of service
       attack.
Checksums-Sha1: 
 4303ea018930ae7742c0708cead17a83aca467a6 3180 poppler_0.18.4-6+deb7u4.dsc
 c4f8a14a8b9fa92cbf2fba747f0218f13dd2d8c8 30091 poppler_0.18.4-6+deb7u4.debian.tar.gz
 4b362cea81c08db580a028a4a27ba3678c63b3b4 1110940 libpoppler19_0.18.4-6+deb7u4_amd64.deb
 dd7347a6569be24e06d30bd352aa13a79a459e08 920310 libpoppler-dev_0.18.4-6+deb7u4_amd64.deb
 d6f93a0ecd3de0e76034d304c66901cfe8d8852b 212050 libpoppler-private-dev_0.18.4-6+deb7u4_amd64.deb
 afc8cb7695dc44f5fd40b0414b0ec685b74a7bae 107218 libpoppler-glib8_0.18.4-6+deb7u4_amd64.deb
 255761d25c328f1fd748dfa1473e8d567c8d7bc0 234106 libpoppler-glib-dev_0.18.4-6+deb7u4_amd64.deb
 2256ebd67d6d0f40f1b5d874157cf0aa4ff5b041 29740 gir1.2-poppler-0.18_0.18.4-6+deb7u4_amd64.deb
 d59dc1cc64b5774b5580a5a09618445e2c4f4d92 141260 libpoppler-qt4-3_0.18.4-6+deb7u4_amd64.deb
 0fc650acf513156926b0bbc309cf583ceb949c9f 192100 libpoppler-qt4-dev_0.18.4-6+deb7u4_amd64.deb
 a0431d5ada47ac314147e5375adcd96ef72d893a 48794 libpoppler-cpp0_0.18.4-6+deb7u4_amd64.deb
 7f3b05dc0db7c1b726ed48dff20811d15c000852 57006 libpoppler-cpp-dev_0.18.4-6+deb7u4_amd64.deb
 7f281f1a58984f018ed961daf898d0cfa423f84e 163912 poppler-utils_0.18.4-6+deb7u4_amd64.deb
 49ebe55addb0f7c6dc04cb4230b9667fe43ec1f8 5182000 poppler-dbg_0.18.4-6+deb7u4_amd64.deb
Checksums-Sha256: 
 125afdd582eefca20a6b1df2364314950391ff1757c51472ac233c63f714f974 3180 poppler_0.18.4-6+deb7u4.dsc
 0ac5792b0ec7a3b473f97cc6c5ddf6dc7fd97ee51af71869870e1222827d7eb4 30091 poppler_0.18.4-6+deb7u4.debian.tar.gz
 348ac0da67ca02995002d2f641de0f0384c73ce5bb83297403d87dd0d5eb7eb5 1110940 libpoppler19_0.18.4-6+deb7u4_amd64.deb
 80bb40d27fa4a1f1aa1cd563dc41fdef1bbd3921dd48bf61f547dac267c13e1e 920310 libpoppler-dev_0.18.4-6+deb7u4_amd64.deb
 5849beaad45101465911c1fb651d4ff6fc66b1d9deedc01dd367eca49c3ec2db 212050 libpoppler-private-dev_0.18.4-6+deb7u4_amd64.deb
 f1e922b70c2773eb041838532ba6b9d0488e5539c689c71d503a0732711aa4ef 107218 libpoppler-glib8_0.18.4-6+deb7u4_amd64.deb
 d4f0f0a5f1891ec3095a32904b0f854b5a1c900669d97dcd5ef158e4350f811a 234106 libpoppler-glib-dev_0.18.4-6+deb7u4_amd64.deb
 fb8e1f38b4994e33ae4952a62f7103cdc46dfd7c4d9b3cdb4d9ed3d02d976286 29740 gir1.2-poppler-0.18_0.18.4-6+deb7u4_amd64.deb
 e4d3c09773c0776d33ab5322a66b1fb5662ad9b5968f897882fa6adbd1259b7b 141260 libpoppler-qt4-3_0.18.4-6+deb7u4_amd64.deb
 d3c100dd188827c4e8fef0a5679b3e4f6e4f2269805c02dece3c514c10542504 192100 libpoppler-qt4-dev_0.18.4-6+deb7u4_amd64.deb
 ac0683a63165f8117eeaa77f540067ed3fb4519bc2da63967d620210b4897018 48794 libpoppler-cpp0_0.18.4-6+deb7u4_amd64.deb
 20045b87882ad326d266d3bcc7ee0c2763095b56086f23637d7950a92b114134 57006 libpoppler-cpp-dev_0.18.4-6+deb7u4_amd64.deb
 527735f3a1a1f4a0e0155d79ed36a31edf424481543110ad1d125ff9da9993a2 163912 poppler-utils_0.18.4-6+deb7u4_amd64.deb
 d68a3116c0034387baa6f9299cd56666a65324d525abb5d5fca63cf2d61c678a 5182000 poppler-dbg_0.18.4-6+deb7u4_amd64.deb
Files: 
 8bc9a668be60fb2814982eef2d8a9c81 3180 devel optional poppler_0.18.4-6+deb7u4.dsc
 636a5afbee76c56410990955ff532d2a 30091 devel optional poppler_0.18.4-6+deb7u4.debian.tar.gz
 374d795fbe0c3e9ee8e2cf75ea980680 1110940 libs optional libpoppler19_0.18.4-6+deb7u4_amd64.deb
 f5eded0ead59c27b540e95d54c28d467 920310 libdevel optional libpoppler-dev_0.18.4-6+deb7u4_amd64.deb
 5cace08a651a8e4d04bf9bf1f765078d 212050 libdevel optional libpoppler-private-dev_0.18.4-6+deb7u4_amd64.deb
 5c3d1bdadf30d8c2931086304a83b2e3 107218 libs optional libpoppler-glib8_0.18.4-6+deb7u4_amd64.deb
 6448a49564d78b302ca95522d9e2f762 234106 libdevel optional libpoppler-glib-dev_0.18.4-6+deb7u4_amd64.deb
 67be5fd8e8618370a29dbc87339bc580 29740 introspection optional gir1.2-poppler-0.18_0.18.4-6+deb7u4_amd64.deb
 4b97f7fd5196ab85e325790989ca3633 141260 libs optional libpoppler-qt4-3_0.18.4-6+deb7u4_amd64.deb
 76209ae81207ed1c60e98d9ce6921a79 192100 libdevel optional libpoppler-qt4-dev_0.18.4-6+deb7u4_amd64.deb
 980bcfec0bd6f4996572f6f4963e4c65 48794 libs optional libpoppler-cpp0_0.18.4-6+deb7u4_amd64.deb
 aef35e92d2d2ef01feb9a4e89e8e0660 57006 libdevel optional libpoppler-cpp-dev_0.18.4-6+deb7u4_amd64.deb
 daa3fb3f7f747ab86f921362f054f2fe 163912 utils optional poppler-utils_0.18.4-6+deb7u4_amd64.deb
 e21bec88ab29d883affb79b6e4f66369 5182000 debug extra poppler-dbg_0.18.4-6+deb7u4_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloQb91fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkChgQALh1XOOaUqNpl7nrbsvOr2eL2aLSdnNfU9ih
QzlRaY8NcJpYOy58uXc54yhBd4Go1qroJe43PS7uVhc4FBn/WjRxO8DxJcGJSs5C
s2TV1nyvkAT1w/XRQXlHWOIYej/DuKrC+3ifLKa9HphBAdMwjcOpbcozu139zSBR
FUYIipkq92EpgoubRp1ExTPGlT+hUfgw5quPigKQ6sE4H6q7OEbIErrNgfFAL/PJ
EZHjF1YVBl+KxC25uMFxY2Q23jqzlmjKtAk0zIH0m2Cswl8I2cAPQB3r+8Cocq2F
YKmSPd3o6RmK+c8CxJXCIfvykvuFUnwrfjzvD7EluDmqbF63LYqBceOm4mFwDp7r
+Nfiu2y3qZkYModZYep4uq2x1teH+NhIxDK8PjFPPYua5bGR9++kVDcVGOf2+pin
I/guwx0MBP4J45YMw609hWniCvgHCDzv878avvkAi/qanvrX4jpFzsYG8R3qa9Zh
Y8G6Lbn/XWaZ9IP8TC30t1rWWifWsMOfWXXPoYKTXq+DIzitBbbJxqcvEQGakP98
zYf6mkBNWl2C4tjhaYB1guwEto50B1ecZI6Ns97BHyWLrUpzAjzg98PE6l61sepz
USCmmTizxP1KfQVHEsMHy/N/axwCIL1ip674J7VXyr1tqCCe+gZK8JJDYdA4vWq9
H83Ms5Rz
=Es1f
-----END PGP SIGNATURE-----
News for package poppler
