-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 16 Oct 2018 11:45:17 -0400 Source: libpdfbox-java Binary: libpdfbox-java libpdfbox-java-doc libjempbox-java libjempbox-java-doc libfontbox-java libfontbox-java-doc Architecture: source all Version: 1:1.8.7+dfsg-1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: libfontbox-java - Java font library libfontbox-java-doc - Java font library (Documentation) libjempbox-java - XMP Compatible Java Library libjempbox-java-doc - XMP Compatible Java Library (documentation) libpdfbox-java - PDF library for Java libpdfbox-java-doc - PDF library for Java (documentation) Closes: 910390 Changes: libpdfbox-java (1:1.8.7+dfsg-1+deb8u2) jessie-security; urgency=high . * CVE-2018-11797: Prevent a denial-of-service vulnerability where a malicious PDF file could trigger an extremely long running computation when parsing the page tree. (Closes: #910390) Checksums-Sha1: 1f54a2a3e84e94628903c3ff60d976157fd1147a 2729 libpdfbox-java_1.8.7+dfsg-1+deb8u2.dsc 1b362eb7bb385411697901369d07ee1cbd50172e 6557128 libpdfbox-java_1.8.7+dfsg.orig.tar.gz 32c4184b1253e4c201cb062fa1ae310f251cf383 14104 libpdfbox-java_1.8.7+dfsg-1+deb8u2.debian.tar.xz 1b19bfe42ec0750aa5e2cc902e3d076088d1d234 5146454 libpdfbox-java_1.8.7+dfsg-1+deb8u2_all.deb 574adbeb9d33185f1b87f1143aed6e26d5963dd1 857374 libpdfbox-java-doc_1.8.7+dfsg-1+deb8u2_all.deb 61bc120e0d506327b62d124553f5c19934844f5a 49958 libjempbox-java_1.8.7+dfsg-1+deb8u2_all.deb 7f8f2d011c03c6c8f79f94ee7c7ba869a66541eb 73046 libjempbox-java-doc_1.8.7+dfsg-1+deb8u2_all.deb 91db21a1cd86407df7889a22a585be29f41e7c22 204502 libfontbox-java_1.8.7+dfsg-1+deb8u2_all.deb c0211532895f978cfd24f51ce903f5c3df1820f4 129768 libfontbox-java-doc_1.8.7+dfsg-1+deb8u2_all.deb Checksums-Sha256: c9d78bec98b1ea04da4588a65bfa4ec2e988852d641ad37f785c0716e0882bf8 2729 libpdfbox-java_1.8.7+dfsg-1+deb8u2.dsc 36c28696e8fffb92d723091bb04987950ac348c27217cb29f62448bc5dd4e9c1 6557128 libpdfbox-java_1.8.7+dfsg.orig.tar.gz 5422c5179b58adf8361189348b7378ae98f6d46a737de4131fed163f552b0eaf 14104 libpdfbox-java_1.8.7+dfsg-1+deb8u2.debian.tar.xz 410609100e6487c9a88071ce8820e77c7fdb9abec703009756edc0476fbe9dd5 5146454 libpdfbox-java_1.8.7+dfsg-1+deb8u2_all.deb c554bae21f74fb982f0ee2522f45f9a8e76b2a3da579a96c1f03a07af31ab989 857374 libpdfbox-java-doc_1.8.7+dfsg-1+deb8u2_all.deb ac560898b3c17d5562186471683d2dae9d4e847b497f7d73f80f8a2d98947ca0 49958 libjempbox-java_1.8.7+dfsg-1+deb8u2_all.deb 135e04def06850bf4ccebc81cec41fd1ac2dc497c770495cd9663cb8ff44277d 73046 libjempbox-java-doc_1.8.7+dfsg-1+deb8u2_all.deb a81a0d13015c546eac146a2784be7b296afde64ef02720b6cea8d786f4efbb15 204502 libfontbox-java_1.8.7+dfsg-1+deb8u2_all.deb e29a8d635bccc7e4d9a7faf420966d9e1c6b02489cfb88a90d8ec153dd59cd76 129768 libfontbox-java-doc_1.8.7+dfsg-1+deb8u2_all.deb Files: 0681820b949fb7d939c8ea4c75c55f3f 2729 java extra libpdfbox-java_1.8.7+dfsg-1+deb8u2.dsc 8e88aae762669b0b26afaf634d46d242 6557128 java extra libpdfbox-java_1.8.7+dfsg.orig.tar.gz 55b1eca6a8ded54c1a76cdc91ead7539 14104 java extra libpdfbox-java_1.8.7+dfsg-1+deb8u2.debian.tar.xz 41b8d8eb59a23a613cc2fae5459e21bb 5146454 java extra libpdfbox-java_1.8.7+dfsg-1+deb8u2_all.deb 5973f0d254fd364598d135835d920d25 857374 doc extra libpdfbox-java-doc_1.8.7+dfsg-1+deb8u2_all.deb e3f4705c9acba0c91469fa3427d95c4b 49958 java extra libjempbox-java_1.8.7+dfsg-1+deb8u2_all.deb 03fd256bf0f9d4a2c5121851733e59a9 73046 doc extra libjempbox-java-doc_1.8.7+dfsg-1+deb8u2_all.deb 3e2a964ec2bace3c67c71563bea365bf 204502 java extra libfontbox-java_1.8.7+dfsg-1+deb8u2_all.deb 8a34e4485df8c46323826f268db9f2bb 129768 doc extra libfontbox-java-doc_1.8.7+dfsg-1+deb8u2_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlvGCzoACgkQHpU+J9Qx HlgZRBAAwy+Ed0D+nAFkVZMAIuncpGU4/8EwF9qLkSk2cJetBjSeIf+gsUAuML7P G9GXkD3cpEKlVy/7ywmufvZTCNgIqGyQVgM1jNZJ04iQh/a592jsIvCoeWDiZ90g oy8Ge6+cn6tFPSt2z2vsix3SN2MZPNhBxLlWrVSA3zOcS1JQnUsZVDROEI9ilJ5y 8VMXY1tt44mxZt+oRUO1v2PZSUCt9gtf5CpiEYMLDHIhAhnMt0CoyAeMR31PeVoA smONscQs+Bkfk75cipTQigZY0RedsbyloyfD0V8cWV12LKkdlrvvCpgRZGsEqfg4 vUUcRuZNjoC2M4vFQi+fu1xuryWOTd7JpHS0Ll77IrZJ/OOS/HBWAzXEkvaumibm p6Tt4iZ7ycZT0VujCuN5lN1KxJN0oTa8ycmqRcogLb6eeAgI93cSUjo2zrbE8ylD Y8GiI69nQ/WukWVvrr41f3ZIGdboblZpip+Y5YQ6ALHhK1Zhmx2gQk3KcNOS4egn xq3LD4ughZJwenVC5lmxv8fYoOPreVUg1VdinQQ4PJcnDKfiu5iuWGKHfNj0jy2W W2+wKxUp/ZVMan6At9acG1EBEOEcmNp8xlxd+xpwHB0aw7uS91rzpKG/3no4pnWW 5tzVEJ94qJUnSDBgwGsC6xn9E/+ctswoixQVvWPtD5vV33usWMA= =TgBO -----END PGP SIGNATURE-----