Ubuntu
poppler package

Change logs for poppler source package in Cosmic

  1. Cosmic (18.10)
  2. Change log 
  • poppler (0.68.0-0ubuntu1.7) cosmic-security; urgency=medium

  * SECURITY UPDATE: memory leak in GfxColorSpace::setDisplayProfile
    - debian/patches/CVE-2018-18897.patch: enforcing single initialization
      in poppler/GfxState.cc, qt5/src/poppler-qt5.h.
    - CVE-2018-18897
  * SECURITY UPDATE: DoS via crafted PDF file
    - debian/patches/CVE-2018-20662.patch: check XRef's Catalog for being a
      Dict in utils/pdfunite.cc.
    - CVE-2018-20662
  * SECURITY UPDATE: buffer over-read in downsample_row_box_filter
    - debian/patches/CVE-2019-9631-1.patch: compute correct coverage values
      for box filter in poppler/CairoRescaleBox.cc.
    - debian/patches/CVE-2019-9631-2.patch: constrain number of cycles in
      rescale filter in poppler/CairoRescaleBox.cc.
    - CVE-2019-9631
  * SECURITY UPDATE: dict marking mishandling
    - debian/patches/CVE-2019-9903.patch: fix stack overflow on broken file
      in poppler/PDFDoc.cc.
    - CVE-2019-9903
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-10872.patch: restrict filling of overlapping
      boxes in splash/Splash.cc.
    - CVE-2019-10872
  * SECURITY UPDATE: buffer over-read in JPXStream::init
    - debian/patches/CVE-2019-12293.patch: fail gracefully if not all
      components have the same WxH in poppler/JPEG2000Stream.cc.
    - CVE-2019-12293

 -- Marc Deslauriers <email address hidden>  Wed, 26 Jun 2019 09:43:05 -0400
  • poppler (0.68.0-0ubuntu1.6) cosmic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-9200.patch: fix in
      poppler/Stream.cc.
    - CVE-2019-9200

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 28 Feb 2019 12:47:51 -0300
  • poppler (0.68.0-0ubuntu1.5) cosmic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20551.patch: fix in
      poppler/Annot.cc.
    - CVE-2018-20551
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-7310.patch: fix in
      poppler/XRef.cc.
    - CVE-2019-7310

 -- <email address hidden> (Leonidas S. Barbosa)  Fri, 08 Feb 2019 12:12:49 -0300
  • poppler (0.68.0-0ubuntu1.4) cosmic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20481.patch: fix in
      poppler/XRef.cc.
    - CVE-2018-20481
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20650.patch: fix in
      poppler/FileSpec.cc.
    - CVE-2018-20650

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 21 Jan 2019 09:54:17 -0300
  • poppler (0.68.0-0ubuntu1.3) cosmic-security; urgency=medium

  * SECURITY REGRESSION: fixing regression in check entry
    - debian/patches/CVE-2018-16646-fix-regression-p1.patch
    - debian/patches/CVE-2018-16646-fix-regression-p2.patch

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 10 Dec 2018 15:46:44 -0300
  • poppler (0.68.0-0ubuntu1.2) cosmic-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: infinite recursion via crafted file
    - debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in
      poppler/Parser.cc, poppler/XRef.h.
    - CVE-2018-16646
  * SECURITY UPDATE: denial of service via reachable abort
    - debian/patches/CVE-2018-19058.patch: check for stream before calling
      stream methods when saving an embedded file in poppler/FileSpec.cc.
    - CVE-2018-19058
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - debian/patches/CVE-2018-19059.patch: check for valid embedded file
      before trying to save it in utils/pdfdetach.cc.
    - CVE-2018-19059
  * SECURITY UPDATE: denial of service via NULL pointer dereference
    - debian/patches/CVE-2018-19060.patch: check for valid file name of
      embedded file in utils/pdfdetach.cc.
    - CVE-2018-19060

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 03 Dec 2018 13:14:23 -0300
  • poppler (0.68.0-0ubuntu1.1) cosmic; urgency=medium

  * debian/patches/git_embed_segfault.patch:
    - "Check whether an embedded file is actually present in the PDF
       and show warning in that case." (lp: #1803059)

 -- Sebastien Bacher <email address hidden>  Fri, 23 Nov 2018 16:01:35 +0100
  • poppler (0.68.0-0ubuntu1) cosmic; urgency=medium

  * New upstream version
    - TextPage: Add horizontal scaling to font matrix (lp: #1761567)
  * Updated for the soname change libpoppler73 -> 79
  * debian/patches/proper-init.patch:
    - removed, the issue has been fixed upstream in another way since
  * debian/patches/01-new-gtk-doc.patch,
    debian/patches/cairo-good-filter.patch,
    debian/patches/CVE-2017-18267.patch:
    - removed, the fixes are in the new version
  * debian/patches/series:
    - added a comment about the remaining patches

 -- Sebastien Bacher <email address hidden>  Wed, 22 Aug 2018 11:30:47 +0200
  • poppler (0.62.0-2ubuntu3) cosmic; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-18267.patch: fix issue for malformed
      documents in fofi/FoFiType1C.cc.
    - CVE-2017-18267

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 16 May 2018 13:30:19 -0300
  • poppler (0.62.0-2ubuntu2) bionic; urgency=medium

  * Cherry-pick cairo-good-filter.patch from 0.63:
    Use cairo's GOOD filter instead of BEST to significantly improve
    performance. Thanks Rogério Brito for suggesting this patch.
    (Closes: #895487) (LP: #1763874)

 -- Jeremy Bicha <email address hidden>  Fri, 13 Apr 2018 22:08:42 -0400