-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 Dec 2017 07:34:06 +0100 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: source amd64 all Version: 0.26.5-2+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Loic Minier <lool@dooz.org> Changed-By: Santiago R.R. <santiagorr@riseup.net> Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Changes: poppler (0.26.5-2+deb8u2) jessie-security; urgency=medium . * Fix CVE-2017-9406: a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. * Fix CVE-2017-9408: memory leak in the function Object::initArray in Object.cc that allows attackers to cause a DoS via a crafted file. * Fix CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo that allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. * Fix CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. * Fix CVE-2017-9865: The function GfxImageColorMap::getGray in GfxState.cc allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document * Fix CVE-2017-14517: NULL pointer dereference vulnerability in the XRef::parseEntry() function in XRef.cc * Fix CVE-2017-14518: Floating point exception in the isImageInterpolationRequired() function in Splash.cc * Fix CVE-2017-14519: A memory corruption may occur in a call to Object::streamGetChar * Fix CVE-2017-14520: Floating point exception in Splash::scaleImageYuXd() * Fix CVE-2017-14617: Floating point exception in the ImageStream class in Stream.cc * Fix CVE-2017-14975: NULL pointer dereference vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14976: Heap-based buffer over-read vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14977: NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock function in FoFiTrueType.cc * Fix CVE-2017-15565: NULL Pointer Dereference in the GfxImageColorMap::getGrayLine() function in GfxState.cc Checksums-Sha1: be3e9a46f381d4d1d051f176dbdb9b71009f25a8 3302 poppler_0.26.5-2+deb8u2.dsc 7b9c338734f6c98adcced62625817a382e8d22d7 37688 poppler_0.26.5-2+deb8u2.debian.tar.xz f9127e30e6d21be24a2db0589829b17838396809 1211322 libpoppler46_0.26.5-2+deb8u2_amd64.deb 7e201c3b3eaa6b2a5e133bf89c31d8b9b59a4c06 766080 libpoppler-dev_0.26.5-2+deb8u2_amd64.deb 783c0abd6c50db4a818743fbc73f379e6693131b 179572 libpoppler-private-dev_0.26.5-2+deb8u2_amd64.deb 02ca60a69364bdf7a8926d1850716ba258a57baf 121706 libpoppler-glib8_0.26.5-2+deb8u2_amd64.deb c95c706e96b6df0bfa7fa0ba12897ef4024e6402 162006 libpoppler-glib-dev_0.26.5-2+deb8u2_amd64.deb 6ac2ff27735b995cbb9c32c4cf1d55aaa3dccc04 85460 libpoppler-glib-doc_0.26.5-2+deb8u2_all.deb ce51dd987aff7aa1bfe54e16e8495cd74435cc0e 33572 gir1.2-poppler-0.18_0.26.5-2+deb8u2_amd64.deb ed4254cc94c0212e4d5ad4100796cbd504db8d97 126640 libpoppler-qt4-4_0.26.5-2+deb8u2_amd64.deb 22c546737e72cbe3550f9a0ffc1bc618eb956e3c 157778 libpoppler-qt4-dev_0.26.5-2+deb8u2_amd64.deb b448933125fdaf625011ebf213d821e4c382b2b2 131338 libpoppler-qt5-1_0.26.5-2+deb8u2_amd64.deb b6eaf7117dc4075415ac198800b433dba06fe98f 164918 libpoppler-qt5-dev_0.26.5-2+deb8u2_amd64.deb 69a9b7789eac92c9a963fce86253a0fa53a8590f 44050 libpoppler-cpp0_0.26.5-2+deb8u2_amd64.deb e098ca7e9971be5f5ebcea3349c201458c755361 48570 libpoppler-cpp-dev_0.26.5-2+deb8u2_amd64.deb e85cf39ec07279741569543fe6d4ba8f56b54523 140340 poppler-utils_0.26.5-2+deb8u2_amd64.deb 3de2a10fd783135e3dac2907cd0263af3c2f8d01 7683558 poppler-dbg_0.26.5-2+deb8u2_amd64.deb Checksums-Sha256: 31d36174e01ae2ac977886ee596720a0172c8fbee89adb8f7e25210b6e1af5c4 3302 poppler_0.26.5-2+deb8u2.dsc ebfbe4ae7c234d748aacfff5054f0c53b4130dd8cf97742dda10b4814e96960c 37688 poppler_0.26.5-2+deb8u2.debian.tar.xz 94463745121736f1cbc0fce9f831ea31fdce0e5f151451384ea77531233ae56b 1211322 libpoppler46_0.26.5-2+deb8u2_amd64.deb bce934d1accb089bc9cb812fb902aa131cfdbc31a0bdff9c9a36402c2ff2d99e 766080 libpoppler-dev_0.26.5-2+deb8u2_amd64.deb 70ed1d3317a4c8ac58b400006d607ec5c1d75a19b2850e82869dca4c92b24389 179572 libpoppler-private-dev_0.26.5-2+deb8u2_amd64.deb 9e2635ed654837294b3b6099060efb5f7ee0b2f74369c2cfbe28563f5e504cf2 121706 libpoppler-glib8_0.26.5-2+deb8u2_amd64.deb 62ad095de284bfb1b9e8477df080a4f1ddb1fb146638c8585aeee72d043e14fc 162006 libpoppler-glib-dev_0.26.5-2+deb8u2_amd64.deb 9e53523ef4760bd1e025e8a76eef48fa46effcb2368547c11d1e1f21844bcd67 85460 libpoppler-glib-doc_0.26.5-2+deb8u2_all.deb 179a0bb731c5abb55a049fb9731136784e6025182cd73853da3d28aad9062be4 33572 gir1.2-poppler-0.18_0.26.5-2+deb8u2_amd64.deb 64f446cc8168344d331037ad1b873a689944da60fba944cdfceaa8f3d047c0f5 126640 libpoppler-qt4-4_0.26.5-2+deb8u2_amd64.deb d8c2ddb5e782fabd431bfb87e09bb575f58536b81c68de21a10add35c482d260 157778 libpoppler-qt4-dev_0.26.5-2+deb8u2_amd64.deb 05daa36fde7db572b767d937677d00950d05c8dd4f1fe56b40ed4c9ff9b0feeb 131338 libpoppler-qt5-1_0.26.5-2+deb8u2_amd64.deb 57111144386518e5b1e3045841947c320f5d22003a9bc30c031bfc65700e3f8d 164918 libpoppler-qt5-dev_0.26.5-2+deb8u2_amd64.deb be040db29493f9d5f035246d9aea92985809a3518b9d5ab48accf1bde1633939 44050 libpoppler-cpp0_0.26.5-2+deb8u2_amd64.deb 4f799471186729c1f5c586e0c732c260a3bd5708a1c7f979a1b7bb011aa2f452 48570 libpoppler-cpp-dev_0.26.5-2+deb8u2_amd64.deb 271f5561b5adee179397f8534e67f8fecd9ee660ab9d4fa33aa7f7ab34804369 140340 poppler-utils_0.26.5-2+deb8u2_amd64.deb 8b6f26d70617a030ed00f9a59ee08d584d39a4f1fc325c5cacab4f243b56c1ef 7683558 poppler-dbg_0.26.5-2+deb8u2_amd64.deb Files: 70cce25e01aacdf12baccc89e8728fb2 3302 devel optional poppler_0.26.5-2+deb8u2.dsc a7ab0709211aa05e022e70531041f769 37688 devel optional poppler_0.26.5-2+deb8u2.debian.tar.xz f19dd4d200598111f224bfe0ac61ee56 1211322 libs optional libpoppler46_0.26.5-2+deb8u2_amd64.deb b3425769b86579af58fddd6cbed6346e 766080 libdevel optional libpoppler-dev_0.26.5-2+deb8u2_amd64.deb 0ce5b82324a4746302e124bbaeed91bc 179572 libdevel optional libpoppler-private-dev_0.26.5-2+deb8u2_amd64.deb afebc792c291d0394d7515671fd1c9b0 121706 libs optional libpoppler-glib8_0.26.5-2+deb8u2_amd64.deb 82a31f33b3a6adf5bf0791360eb625ba 162006 libdevel optional libpoppler-glib-dev_0.26.5-2+deb8u2_amd64.deb 23ca740b509406b5e325be03910f03b3 85460 doc optional libpoppler-glib-doc_0.26.5-2+deb8u2_all.deb ed20178dcf2c6dde69773e67b179606d 33572 introspection optional gir1.2-poppler-0.18_0.26.5-2+deb8u2_amd64.deb 554cef42ec0de0d4e76cc7e03f86c9fa 126640 libs optional libpoppler-qt4-4_0.26.5-2+deb8u2_amd64.deb 69e063f456af38cde43b320a805944c5 157778 libdevel optional libpoppler-qt4-dev_0.26.5-2+deb8u2_amd64.deb 220212df6ff2a98c71770410079ce8f6 131338 libs optional libpoppler-qt5-1_0.26.5-2+deb8u2_amd64.deb 12d038fc6ef340acfcc3afd4c929ff2f 164918 libdevel optional libpoppler-qt5-dev_0.26.5-2+deb8u2_amd64.deb 25104f7e8157fb60f9227bd366fad4f3 44050 libs optional libpoppler-cpp0_0.26.5-2+deb8u2_amd64.deb 6e6ce8f1889d1b714eeccb196b48f5a7 48570 libdevel optional libpoppler-cpp-dev_0.26.5-2+deb8u2_amd64.deb cf8b087e37dd6abf0cc971cf3df6d43d 140340 utils optional poppler-utils_0.26.5-2+deb8u2_amd64.deb a660e6feead14bd05f59c8d2fa3f0208 7683558 debug extra poppler-dbg_0.26.5-2+deb8u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEwUqnBPVvaa0NAVzHFX/a4RXx4q0FAlpJHFMACgkQFX/a4RXx 4q3QDg/9H9CpeUqrUYP1g+BmHpaKoajZF2A6gF1KqEIAOqi95wsoYeroMrEcUhBR umJn36PKV7xcXWchuOD1od00u2Q08YqXjSAbIs/Nwnj0bhaDElKIxL+qNfy4J2IC Vhuo2oSG8ktGR1TlxwFyvfi7iK6bTcXv2gzv4vzIstIeLxPTR3zsjUjFMDoSRIhP LbAJCIDBg4jkvrYV6DOp0PDZEeaSbfYKH6Kj2QxiaDeJO7SPj9uz06yLSpK7gxKq 48DN6j6SWmksctqAdvYDdxzQoSPmcP0zoUBxE+Z5EqykZlmIO/j1PUR9ZWJx/wL4 DbXPrpT7XOrXITCtmEXkhXEb4/oeHPniSJ6oUAZLaZW1UD2Vyc7+Q77AGStQmBd6 wEvAS7GBgYt2TlNZYAeCTRxUeimmtibaLeuFGwTotpa1lMOa8QRCAQT9qqXDC0w3 2Ojcpz+Fh2mcG6lbJwrr6Dhm2g6A/4tzoZAOcxwUIZYxrchZpVTAWZboDzOeUm3n wN/7cvAxRPFYAqM6/KvOzjzkxVdlH3OxPbSN97L+JeLvprp6uzA6DjKbWDiIltGx LDcEFxUhh4vjdn42GU4wJB6+6KpKtgHZI1APlOrWhF3dg/4Hs8N7m381OBUqJfZH DnnBe0nBaDI572tt+D0U6Q919rzoBmLk0ZNd939k34eLctQfmeY= =sCHc -----END PGP SIGNATURE-----