Change logs for poppler source package in Artful

  • poppler (0.57.0-2ubuntu4.3) artful-security; urgency=medium
    
      * SECURITY UPDATE: Denial of service
        - debian/patches/CVE-2017-18267.patch: fix issue for malformed
          documents in fofi/FoFiType1C.cc.
        - CVE-2017-18267
    
     -- <email address hidden> (Leonidas S. Barbosa)  Mon, 14 May 2018 12:43:51 -0300
  • poppler (0.57.0-2ubuntu4.2) artful-security; urgency=medium
    
      * SECURITY UPDATE: fails to validate boundaries in TextPool::addWord
        leading to overflow
        - debian/patches/CVE-2017-1000456.patch: fix crash in fuzzed file in
          poppler/TextOutputDev.cc.
        - CVE-2017-1000456
    
     -- <email address hidden> (Leonidas S. Barbosa)  Thu, 04 Jan 2018 17:19:45 -0300
  • poppler (0.57.0-2ubuntu4.1) artful-security; urgency=medium
    
      * SECURITY UPDATE: pointer dereference can cause a DoS attack
        - debian/patches/CVE-2017-15565.patch: fix crash in broken files caused by
          a dereference pointer in poppler/CairoOutputDev.cc.
        - CVE-2017-15565
    
     -- <email address hidden> (Leonidas S. Barbosa)  Thu, 26 Oct 2017 11:14:37 -0300
  • poppler (0.57.0-2ubuntu4) artful; urgency=medium
    
      * SECURITY UPDATE: Floating point exception
        - debian/patches/CVE-2017-14518.patch: Fix divide by 0 on broken
          documents in splash/Splash.cc.
        - CVE-2017-14518
      * SECURITY UPDATE: Floating point exception
        - debian/patches/CVE-2017-14520.patch: don't try to scale if srcHeight or
          srcWidth is less than 1 in splash/Splash.cc.
        - CVE-2017-14520
      * SECURITY UPDATE: Floating point exception in ImageStream
        - debian/patches/CVE-2017-14617.patch: Fix crash in broken files in
          poppler/Stream.cc.
        - CVE-2017-14617
      * SECURITY UPDATE: NULL pointer dereference
        - debian/patches/CVE-2017-14926.patch: Fix crash on broken files
          in poppler/Annot.cc.
        - CVE-2017-14926
      * SECURITY UPDATE: NULL pointer dereference
        - debian/patches/CVE-2017-14927.patch: Fix crash in broken files in
          poppler/SplashOutputDev.cc
        - CVE-2017-14927
      * SECURITY UPDATE: NULL pointer dereference
        - debian/patches/CVE-2017-14928.patch: Fix crash on broken files
          in poppler/Annot.cc.
        - CVE-2017-14928
      * SECURITY UPDATE: Memory corruption
        - debian/patches/CVE-2017-14929.patch: Fix infinite recursion
          in poppler/Gfx.cc, poppler/GfxState.cc, poppler/GfxState.h.
        - CVE-2017-14929
      * SECURITY UPDATE: NULL pointer dereference
        - debian/patches/CVE-2017-14975.patch: fix crash in convertToType0 in
          fofi/FoFiType1C.cc.
        - CVE-2017-14975
      * SECURITY UPDATE: heap-based buffer over-read
        - debian/patches/CVE-2017-14976.patch: fix crash in convertToType0 in
          fofi/FoFiType1C.cc.
        - CVE-2017-14976
      * SECURITY UPDATE: NULL pointer dereference
        - debian/patches/CVE-2017-14977.patch: fix NULL dereference pointer in
          fofi/FoFiTrueType.cc.
        - CVE-2017-14977
    
     -- <email address hidden> (Leonidas S. Barbosa)  Thu, 05 Oct 2017 15:20:07 -0300
  • poppler (0.57.0-2ubuntu3) artful; urgency=medium
    
      * debian/rules:
        - build with --enable-libopenjpeg=unmaintained which makes the poppler
          openjpeg parser used as it was in Ubuntu until now. Upstream doesn't
          recommend that but the libopenjpeg MIR has still not been approved and
          without a parser some documents are rendered as blank. (lp: #1714596)
    
     -- Sebastien Bacher <email address hidden>  Mon, 09 Oct 2017 19:31:17 +0200
  • poppler (0.57.0-2ubuntu2) artful; urgency=medium
    
      * SECURITY UPDATE: NULL Pointer Dereference
        - debian/patches/CVE-2017-14517.patch: Fix crash in broken file
          in poppler/XRef.cc.
        - CVE-2017-14517
      * SECURITY UPDATE: Memory corruption - infinite loop
        - debian/patches/CVE-2017-14519.patch: fix infinite recursion in
          poppler/Gfx.cc, poppler/Gfx.h, poppler/GfxFont.cc, poppler/GfxFont.h
        - CVE-2017-14519
    
     -- <email address hidden> (Leonidas S. Barbosa)  Fri, 29 Sep 2017 15:02:15 -0300
  • poppler (0.57.0-2ubuntu1) artful; urgency=medium
    
      * Merge from Debian unstable.  Remaining changes:
        - d/p/proper-init.patch: Fix thumbnailer crash
        - d/rules: Use --enable-libopenjpeg=none, it's in universe
        - debian/patches/CVE-2017-2820.patch: check for overflow in
          poppler/JPXStream.cc.
        - debian/patches/CVE-2017-9083.patch: check nComps in
          poppler/JPXStream.cc.
    
    poppler (0.57.0-2) unstable; urgency=medium
    
      * debian/copyright: Add missing copyright holders. Closes: #872298.
      * Upload to unstable.
    
    poppler (0.57.0-1) experimental; urgency=medium
    
      [ Pino Toscano ]
      * Update Vcs-* fields.
      * Add a lintian override for the "breaks-without-version xpdf-common" in
        poppler-utils, as it is making sure to clean up xpdf-common for upgrades
        to Buster.
    
      [ Emilio Pozuelo Monfort ]
      * New upstream release. Closes: #860955.
      * Fixes:
        CVE-2017-9406: memory leak parsing XRef entries. Closes: #864010.
        CVE-2017-9408: memory leak in Object::initArray. Closes: #864009.
        CVE-2017-9775: stack buffer overflow in GfxState.cc. Closes: #865680.
        CVE-2017-9776: integer overflow leading to heap buffer overflow
        in JBIG2Stream.cc. Closes: #865679.
        CVE-2017-9865: stack buffer overflow in GfxImageColorMap::getGray.
        Closes: #867477.
        CVE-2017-7511: pdfunite denial of service due to null pointer
        dereference. Closes: #863759.
        CVE-2017-7515: crash in tools due to infinite recursion.
      * debian/patches/upstream_pdfseparate-remove-extra-in-error-message.patch:
        + Dropped, fixed upstream.
      * Update symbols files.
      * libpoppler64 -> libpoppler68.
      * Re-enable PIE. Looks like Qt5 got fixed.
      * Bump debhelper compat to 10.
        + debhelper now defaults to --with autoreconf.
        + It also defaults to --parallel.
      * Switch to -dbgsym packages.
      * Set the team as maintainer.
      * Add myself to uploaders.
    
     -- Rico Tzschichholz <email address hidden>  Tue, 05 Sep 2017 15:42:45 +0200
  • poppler (0.57.0-0ubuntu2) artful; urgency=medium
    
      * Pass --enable-libopenjpeg1=none, the correct way to disable openjpeg
        build now; and drop unused build-dependency on openjpeg2.
    
     -- Steve Langasek <email address hidden>  Wed, 09 Aug 2017 21:49:06 -0700
  • poppler (0.57.0-0ubuntu1) artful; urgency=medium
    
      * New upstream release
      * Drop patches which are included upstream
        - upstream_pdfseparate-remove-extra-in-error-message.patch
        - CVE-2017-7511.patch
        - CVE-2017-9406.patch
        - CVE-2017-9408.patch
        - CVE-2017-9775.patch
        - CVE-2017-7515.patch
      * Refresh patches as needed
      * Pass --disable-libopenjpeg1 and --disable-libopenjpeg2 which replaced
        --disable-libopenjpeg
      * Rename packages according to the new SONAMEs:
        - libpoppler64 -> libpoppler68
      * Update symbols files
    
     -- Rico Tzschichholz <email address hidden>  Tue, 01 Aug 2017 14:16:06 +0200
  • poppler (0.48.0-2ubuntu3) artful; urgency=medium
    
      * SECURITY UPDATE: NULL pointer dereference in pdfunite
        - debian/patches/CVE-2017-7511.patch: add extra checks to
          utils/pdfunite.cc.
        - CVE-2017-7511
      * SECURITY UPDATE: uncontrolled recursion in pdfunite
        - debian/patches/CVE-2017-7515.patch: fix recursion in
          poppler/PDFDoc.cc, poppler/PDFDoc.h.
        - CVE-2017-7515
      * SECURITY UPDATE: NULL pointer dereference in JPXStream::readUByte
        - debian/patches/CVE-2017-9083.patch: check nComps in
          poppler/JPXStream.cc.
        - CVE-2017-9083
      * SECURITY UPDATE: memory leak in gmalloc
        - debian/patches/CVE-2017-9406.patch: fix leak in poppler/XRef.cc.
        - CVE-2017-9406
      * SECURITY UPDATE: memory leak in Object::initArray
        - debian/patches/CVE-2017-9408.patch: fix leak in poppler/XRef.cc.
        - CVE-2017-9408
      * SECURITY UPDATE: stack buffer overflow in GfxState.cc
        - debian/patches/CVE-2017-9775.patch: add extra checks to
          poppler/GfxState.cc.
        - CVE-2017-9775
      * SECURITY UPDATE: integer overflow in JPXStream::readTilePart
        - debian/patches/CVE-2017-2820.patch: check for overflow in
          poppler/JPXStream.cc.
        - CVE-2017-2820
    
     -- Marc Deslauriers <email address hidden>  Thu, 06 Jul 2017 08:52:45 -0400
  • poppler (0.48.0-2ubuntu2) zesty; urgency=medium
    
      * No-change rebuild against libnspr4
    
     -- Andy Whitcroft <email address hidden>  Fri, 24 Feb 2017 11:15:23 +0000