Format: 1.8
Date: Wed, 31 Oct 2018 12:47:07 +0100
Source: poppler
Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg
Architecture: source amd64 all
Version: 0.26.5-2+deb8u5
Distribution: jessie-security
Urgency: medium
Maintainer: Loic Minier <lool@dooz.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 gir1.2-poppler-0.18 - GObject introspection data for poppler-glib
 libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface)
 libpoppler-cpp0 - PDF rendering library (CPP shared library)
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface
 libpoppler-glib8 - PDF rendering library (GLib-based shared library)
 libpoppler-private-dev - PDF rendering library -- private development files
 libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library)
 libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface)
 libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library)
 libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface)
 libpoppler46 - PDF rendering library
 poppler-dbg - PDF rendering library -- debugging symbols
 poppler-utils - PDF utilities (based on Poppler)
Closes: 898357 909802
Changes:
 poppler (0.26.5-2+deb8u5) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2018-16646: Handle duplicate objects more robustly. Prohibit DoS
     attacks via crafted PDF files causing infinite recursions.
     (Closes: #909802). This fix adds the following patches:
     + upstream_Fix-rendering-of-some-broken-PDF-files.patch
     + upstream_Allow-newlines-in-num-gen-obj-sequence.patch
     + upstream_XRef-Fix-runtime-undefined-behaviour.patch
     + upstream_CVE-2018-16646_Fail-when-PDF-contains-duplicate-objects.patch
     + upstream_CVE-2018-16646_Allow-duplicated-objects-in-incremental-updates.patch
   * CVE-2018-10768: Fix crash on AnnotInk::draw for malformed documents.
   * CVE-2017-18267: FoFiType1C::cvtGlyph: Fix infinite recursion on
     malformed documents. (Closes: #898357).
   * CVE-2018-13988.patch: Fix crash when Object has negative number.
     Specs say, number has to be > 0 and gen >= 0. Original upstream patch
     backported to old Object API:
     + upstream-modified_CVE-2018-13988.patch