-
poppler (0.5.1-0ubuntu7.8) dapper-security; urgency=low
* SECURITY UPDATE: possible arbitrary code execution via malformed PDF
- debian/patches/106_security_CVE-2010-3702.patch: properly initialize
parser in poppler/Gfx.cc.
- CVE-2010-3702
* SECURITY UPDATE: possible arbitrary code execution via malformed PDF
- debian/patches/107_security_CVE-2010-3704.patch: make sure code isn't
< 0 in fofi/FoFiType1.cc.
- CVE-2010-3704
-- Marc Deslauriers <email address hidden> Wed, 13 Oct 2010 16:45:03 -0400
-
poppler (0.5.1-0ubuntu7.7) dapper-security; urgency=low
* SECURITY UPDATE: regression in poppler security update (LP: #457985)
- debian/patches/104_security_CVE-2009-3605.patch: update patch to
introduce gmallocn_checkoverflow in goo/gmem.{c,h} and use it in
splash/SplashFTFont.cc, as bitmap->h can be 0 and this could cause a
regression with certain applications.
- CVE-2009-3605
-- Marc Deslauriers <email address hidden> Thu, 22 Oct 2009 10:33:57 -0400
-
poppler (0.5.1-0ubuntu7.6) dapper-security; urgency=low
* SECURITY UPDATE: unsafe malloc usage
- debian/patches/104_security_CVE-2009-3605.patch: introduce gmallocn3
and add additional allocation size checks in goo/gmem.{c,h}, replace
malloc calls with safe versions in glib/poppler-page.cc,
poppler/{ArthurOutputDev,CairoOutputDev,GfxState,JBIG2Stream,
PSOutputDev,SplashOutputDev}.cc, splash/{Splash,SplashFTFont}.cc.
- CVE-2009-3605
* SECURITY UPDATE: denial of service or arbitrary code execution via
overflow in rowSize computation
- debian/patches/105_security_CVE-2009-360x.patch: make sure width
value is sane in splash/SplashBitmap.cc.
- CVE-2009-3603
* SECURITY UPDATE: denial of service or arbitrary code execution via
overflow in pixel buffer size calculation
- debian/patches/105_security_CVE-2009-360x.patch: make sure yp value
is sane in splash/Splash.cc, splash/SplashErrorCodes.h.
- CVE-2009-3604
* SECURITY UPDATE: denial of service or arbitrary code execution via
overflow in object stream handling
- debian/patches/105_security_CVE-2009-360x.patch: limit number of
nObjects in poppler/XRef.cc.
- CVE-2009-3608
* SECURITY UPDATE: denial of service or arbitrary code execution via
integer overflow in ImageStream::ImageStream
- debian/patches/105_security_CVE-2009-360x.patch: check size of width
and nComps in poppler/Stream.cc.
- CVE-2009-3609
-- Marc Deslauriers <email address hidden> Mon, 19 Oct 2009 19:27:20 -0400
-
poppler (0.5.1-0ubuntu7.5) dapper-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution from
multiple integer overflows, buffer overflows, and other issues with
JBIG2 decoding.
- debian/patches/103_security_jbig2.patch: prevent integer overflow in
poppler/CairoOutputDev.cc and splash/SplashBitmap.cc, add overflow
checking, improve error handling, and fix other issues in
poppler/JBIG2Stream.*.
- CVE-2009-0146
- CVE-2009-0147
- CVE-2009-0166
- CVE-2009-0799
- CVE-2009-0800
- CVE-2009-1179
- CVE-2009-1180
- CVE-2009-1181
- CVE-2009-1182
- CVE-2009-1183
-- Marc Deslauriers <email address hidden> Thu, 09 Apr 2009 13:31:40 -0400
-
poppler (0.5.1-0ubuntu7.4) dapper-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
* debian/patches/102_embedded-font-fixes.patch: upstream fix and stronger
type-checking added.
* References
CVE-2008-1693
-- Kees Cook <email address hidden> Tue, 15 Apr 2008 13:04:21 -0700
-
poppler (0.5.1-0ubuntu7.3) dapper-security; urgency=low
* SECURITY UPDATE: out of bounds array access causes memory corruption via
a crafted PDF file
* fix for DCTStream::readScanInfo() in Stream.cc to properly check
boundaries
* SECURITY UPDATE: integer overflow resulting in heap-based overflow and
potential arbitrary code execution via crafted PDF file
* fix for DCTStream::reset() in Stream.cc to properly check width and height
* SECURITY UPDATE: boundary error in lookChar() resulting in heap-based
overflow and potential arbitrary code execution via crafted PDF file
* fixes for CCITTFaxStream::CCITTFaxStream and CCITTFaxStream::lookChar() in
Stream.cc to properly check boundary conditions. This also includes
upstream refactoring for easier maintenance.
* References
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
-- Jamie Strandboge <email address hidden> Tue, 13 Nov 2007 10:07:37 -0500
-
poppler (0.5.1-0ubuntu7.2) dapper-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted PDFs
* Add debian/patches/100_streampredictor_overflow.patch: upstream fixes.
* References
CVE-2007-3387
-- Kees Cook <email address hidden> Tue, 07 Aug 2007 09:27:27 -0700
-
poppler (0.5.1-0ubuntu7.1) dapper-security; urgency=low
* SECURITY UPDATE: Denial of Service.
* Add debian/patches/004_CVE-2007-0104.patch:
- Limit recursion depth of the parsing tree to 100 to avoid infinite loop
with crafted documents.
- Patch taken from koffice security update (which has a copy of xpdf
sources).
-- Martin Pitt <email address hidden> Tue, 16 Jan 2007 17:02:41 +0000
-
poppler (0.5.1-0ubuntu7) dapper; urgency=low
* Add debian/patches/003_refcount.patch: Fix reference counting. Thanks to
Gary Coady for the patch! Closes: LP#24970
-- Martin Pitt <email address hidden> Fri, 28 Apr 2006 16:13:29 +0200
-
poppler (0.5.1-0ubuntu6) dapper; urgency=low
* Install poppler-page-transition into libpoppler-qt-dev (not
libpoppler-dev), since it comes from the Qt bindings. Closes: LP#32179
-- Martin Pitt <email address hidden> Mon, 10 Apr 2006 12:20:46 +0200
-
poppler (0.5.1-0ubuntu5) dapper; urgency=low
* debian/patches/000_incorrect_define_fix.patch:
- patch from the CVS, fix an incorrect boxes rendering (Ubuntu: #33239)
-- Sebastien Bacher <email address hidden> Thu, 23 Mar 2006 12:33:17 +0100
-
poppler (0.5.1-0ubuntu4) dapper; urgency=low
* debian/control.in: libpoppler-dev needs to depend on libfontconfig1-dev,
because we directly include <fontconfig/fontconfig.h> in GlobalParams.h
-- Adam Conrad <email address hidden> Thu, 16 Mar 2006 11:23:00 +1100
-
poppler (0.5.1-0ubuntu3) dapper; urgency=low
* debian/control.in: Have poppler-utils Replace: xpdf-reader, since both
contain pdftoppm.1.gz.
-- Martin Pitt <email address hidden> Mon, 13 Mar 2006 09:10:12 +0100
-
poppler (0.5.1-0ubuntu2) dapper; urgency=low
* debian/control.in:
- fix the libpoppler1 package description
-- Sebastien Bacher <email address hidden> Thu, 9 Mar 2006 09:43:15 +0000
-
poppler (0.5.1-0ubuntu1) dapper; urgency=low
* New upstream version:
- Support for embedded files.
- Handle 0-width lines correctly.
- Avoid external file use when opening fonts.
- Only use vector fonts returned from fontconfig (#5758).
- Fix scaled 1x1 pixmaps use for drawing lines (#3387).
- drawSoftMaskedImage support in cairo backend.
- Misc bug fixes: #5922, #5946, #5749, #5952, #4030, #5420.
* debian/control.in, debian/libpoppler0c2.dirs,
debian/libpoppler0c2-glib.dirs, debian/libpoppler0c2-glib.install,
debian/libpoppler0c2.install, debian/libpoppler0c2-qt.dirs,
debian/libpoppler0c2-qt.install, debian/rules:
- updated for the soname change
* debian/patches/000_splash_build_fix.patch:
- fix build when using splash
* debian/patches/001_fixes_for_fonts_selection.patch:
- fix with the new version
-- Sebastien Bacher <email address hidden> Mon, 6 Mar 2006 18:42:44 +0000
-
poppler (0.5.0-0ubuntu5) dapper; urgency=low
* debian/control.in, debian/rules:
- build without libcairo
-- Sebastien Bacher <email address hidden> Sun, 26 Feb 2006 20:05:10 +0100
-
poppler (0.5.0-0ubuntu4) dapper; urgency=low
* debian/patches/001_fixes_for_fonts_selection.patch:
- change from the CVS, fix some renderings issues and fonts selection
-
poppler (0.5.0-0ubuntu3) dapper; urgency=low
* SECURITY UPDATE: Buffer overflow.
* Add debian/patches/002_CVE-2006-0301.patch:
- splash/Splash.cc, Splash::drawPixel(), Splash::drawSpan(),
Splash::xorSpan(): Check coordinates for integer overflow.
* CVE-2006-0301
-
poppler (0.5.0-0ubuntu2) dapper; urgency=low
* debian/rules: Bump shlibs version to 0.5.0.
-- Martin Pitt <email address hidden> Fri, 20 Jan 2006 16:56:40 +0100
-
poppler (0.4.3-1ubuntu1) dapper; urgency=low
* SECURITY UPDATE: Multiple integer/buffer overflows.
* Add debian/patches/003-CVE-2005-3624_5_7.patch:
- poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream():
+ Check columns for negative or large values.
+ CVE-2005-3624
- poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch:
+ Reset numComps to 0 since it's a global variable that is used later.
+ CVE-2005-3627
- poppler/Stream.cc, DCTStream::readHuffmanTables():
+ Fix out of bounds array access in Huffman tables.
+ CVE-2005-3627
- poppler/Stream.cc, DCTStream::readMarker():
+ Check for EOF in while loop to prevent endless loops.
+ CVE-2005-3625
- poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(),
JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg():
+ Check user supplied width and height against invalid values.
+ Allocate one extra byte to prevent out of bounds access in combine().
* Add debian/patches/004-fix-CVE-2005-3192.patch:
- Fix nVals int overflow check in StreamPredictor::StreamPredictor().
- Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514.
-- Martin Pitt <email address hidden> Thu, 5 Jan 2006 13:44:58 +0100
-
poppler (0.4.3-1) unstable; urgency=high
* New upstream release.
* New maintainer (Closes: #344738)
* CVE-2005-3191 and CAN-2005-2097 fixes merged upstream.
* Fixed some rendering bugs and disabled Cairo output
(Closes: #314556, #322964, #328211)
* Acknowledge NMU (Closes: #342288)
* Add 001-selection-crash-bug.patch (Closes: #330544)
* Add poppler-utils (merge patch from Ubuntu)
-- Ondřej Surý <email address hidden> Fri, 30 Dec 2005 11:34:07 +0100
-
poppler (0.4.2-1ubuntu5) dapper; urgency=low
* debian/patches/04_CVE-2005-3191_2_3.patch:
- poppler/Stream.cc, StreamPredictor::StreamPredictor(): Check for
(nVals * nBits) + 7 overflow, too.
-- Martin Pitt <email address hidden> Mon, 12 Dec 2005 10:58:32 +0100
-
poppler (0.4.2-1ubuntu4) dapper; urgency=low
* debian/patches/04_CVE-2005-3191_2_3.patch:
- Change upstream patch for StreamPredictor::StreamPredictor() and
JPXStream::readCodestream() checks to use division instead of
multplication, which is undefined on overflow.
-- Martin Pitt <email address hidden> Fri, 9 Dec 2005 17:38:56 +0100
