Format: 1.8
Date: Sat, 02 Dec 2017 07:33:40 +0100
Source: poppler
Binary: libpoppler64 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0v5 libpoppler-cpp-dev poppler-utils poppler-dbg
Architecture: source
Version: 0.48.0-2+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Loic Minier <lool@dooz.org>
Changed-By: Santiago R.R. <santiagorr@riseup.net>
Description:
 gir1.2-poppler-0.18 - GObject introspection data for poppler-glib
 libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface)
 libpoppler-cpp0v5 - PDF rendering library (CPP shared library)
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface
 libpoppler-glib8 - PDF rendering library (GLib-based shared library)
 libpoppler-private-dev - PDF rendering library -- private development files
 libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library)
 libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface)
 libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library)
 libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface)
 libpoppler64 - PDF rendering library
 poppler-dbg - PDF rendering library -- debugging symbols
 poppler-utils - PDF utilities (based on Poppler)
Changes:
 poppler (0.48.0-2+deb9u1) stretch-security; urgency=medium
 .
   * Fix CVE-2017-9406: a memory leak vulnerability was found in the function
     gmalloc in gmem.cc, which allows attackers to cause a denial of service
     via a crafted file.
   * Fix CVE-2017-9408: memory leak in the function Object::initArray in
     Object.cc that allows attackers to cause a DoS via a crafted file.
   * Fix CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo
     that allows remote attackers to cause a denial of service (application
     crash) via a crafted PDF document.
   * Fix CVE-2017-9776: Integer overflow leading to Heap buffer overflow in
     JBIG2Stream.cc in pdftocairo allows remote attackers to cause a denial of
     service (application crash) or possibly have unspecified other impact via
     a crafted PDF document.
   * Fix CVE-2017-9865: The function GfxImageColorMap::getGray in GfxState.cc
     allows remote attackers to cause a denial of service (stack-based buffer
     over-read and application crash) via a crafted PDF document
   * Fix CVE-2017-14517: NULL pointer dereference vulnerability in the
     XRef::parseEntry() function in XRef.cc
   * Fix CVE-2017-14518: Floating point exception in the
     isImageInterpolationRequired() function in Splash.cc
   * Fix CVE-2017-14519: A memory corruption may occur in a call to
     Object::streamGetChar
   * Fix CVE-2017-14520: Floating point exception in Splash::scaleImageYuXd()
   * Fix CVE-2017-14617: Floating point exception in the ImageStream class in
     Stream.cc
   * Fix CVE-2017-14975: NULL pointer dereference vulnerability in the
     FoFiType1C::convertToType0 function in FoFiType1C.cc
   * Fix CVE-2017-14976: Heap-based buffer over-read vulnerability in the
     FoFiType1C::convertToType0 function in FoFiType1C.cc
   * Fix CVE-2017-14977: NULL pointer dereference vulnerability in the
     FoFiTrueType::getCFFBlock function in FoFiTrueType.cc
   * Fix CVE-2017-15565: NULL Pointer Dereference in the
     GfxImageColorMap::getGrayLine() function in GfxState.cc
Checksums-Sha1:
 70284b3cd45a5cc2ea0b1bf8977ccfd52799ee86 3408 poppler_0.48.0-2+deb9u1.dsc
 d635f326c28d87feee2d6012a4819c44c21154f0 1684164 poppler_0.48.0.orig.tar.xz
 29ad2f3b85a76f16df2a63612e10a5198ae3a19b 38520 poppler_0.48.0-2+deb9u1.debian.tar.xz
 aeecfe62f7a0228aebf4502424ce484ac80685d3 13694 poppler_0.48.0-2+deb9u1_source.buildinfo
Checksums-Sha256:
 cfb37b36f968c82c85ecd8dcdd3f878d94f7fe990bd3bddaf52f9861e4700da1 3408 poppler_0.48.0-2+deb9u1.dsc
 85a003968074c85d8e13bf320ec47cef647b496b56dcff4c790b34e5482fef93 1684164 poppler_0.48.0.orig.tar.xz
 2a3ceea5752b7ac302ed1175f2109e6322cfde51441308fda148e4e8460186e1 38520 poppler_0.48.0-2+deb9u1.debian.tar.xz
 a958edc4c18cb4ead203d3c33b8b76916753ec876a5cafd17285d2711a817a58 13694 poppler_0.48.0-2+deb9u1_source.buildinfo
Files:
 43768267cdc73de5aca920ddce250a9f 3408 devel optional poppler_0.48.0-2+deb9u1.dsc
 8d61c91cb9e99ad38bba1b0b4432f174 1684164 devel optional poppler_0.48.0.orig.tar.xz
 6776c6a44c97451fefb1a788175b95f6 38520 devel optional poppler_0.48.0-2+deb9u1.debian.tar.xz
 90fb1bc947cb1c410b23508d8963175d 13694 devel optional poppler_0.48.0-2+deb9u1_source.buildinfo