-
poppler (0.74.0-0ubuntu1.3) disco-security; urgency=medium
* SECURITY UPDATE: Divide-by-zero error
- debian/patches/CVE-2019-14494.patch: Fix crash on broken file
in poppler/SplashOutputDev.cc.
- CVE-2019-14494
-- <email address hidden> (Leonidas S. Barbosa) Wed, 07 Aug 2019 14:15:21 -0300
-
poppler (0.74.0-0ubuntu1.2) disco-security; urgency=medium
* SECURITY UPDATE: DoS via crafted PDF file
- debian/patches/CVE-2018-20662.patch: check XRef's Catalog for being a
Dict in utils/pdfunite.cc.
- CVE-2018-20662
* SECURITY UPDATE: buffer underwrite in ImageStream::getLine()
- debian/patches/CVE-2019-9200.patch: add check to poppler/Stream.cc.
- CVE-2019-9200
* SECURITY UPDATE: buffer over-read in downsample_row_box_filter
- debian/patches/CVE-2019-9631-1.patch: compute correct coverage values
for box filter in poppler/CairoRescaleBox.cc.
- debian/patches/CVE-2019-9631-2.patch: constrain number of cycles in
rescale filter in poppler/CairoRescaleBox.cc.
- CVE-2019-9631
* SECURITY UPDATE: dict marking mishandling
- debian/patches/CVE-2019-9903.patch: fix stack overflow on broken file
in poppler/PDFDoc.cc.
- CVE-2019-9903
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-10872.patch: restrict filling of overlapping
boxes in splash/Splash.cc.
- CVE-2019-10872
* SECURITY UPDATE: NULL pointer dereference in SplashClip::clipAALine
- debian/patches/CVE-2019-10873.patch: make sure the index of
allIntersections we access is valid in splash/SplashXPathScanner.cc.
- CVE-2019-10873
* SECURITY UPDATE: buffer over-read in JPXStream::init
- debian/patches/CVE-2019-12293.patch: fail gracefully if not all
components have the same WxH in poppler/JPEG2000Stream.cc.
- CVE-2019-12293
-- Marc Deslauriers <email address hidden> Wed, 26 Jun 2019 07:16:49 -0400
-
poppler (0.74.0-0ubuntu1.1) disco; urgency=medium
* debian/patches/git_unicode_search.patch:
- backport a fix for a regression on case-insensitive search
(lp: #1829785)
-- Sebastien Bacher <email address hidden> Tue, 21 May 2019 16:30:23 +0200
-
poppler (0.74.0-0ubuntu1) disco; urgency=medium
* New upstream version, remove the patches included in the update
* Updated for the soname change libpoppler82 -> libpoppler85
* debian/rules: ENABLE_XPDF_HEADERS -> ENABLE_UNSTABLE_API_ABI_HEADERS
-- Sebastien Bacher <email address hidden> Thu, 21 Feb 2019 11:18:59 +0100
-
poppler (0.71.0-2ubuntu4) disco; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-7310.patch: fix in
poppler/XRef.cc.
- CVE-2019-7310
-- <email address hidden> (Leonidas S. Barbosa) Mon, 11 Feb 2019 10:25:07 -0300
-
poppler (0.71.0-2ubuntu3) disco; urgency=medium
* SECURITY UPDATE: infinite recursion via crafted file
- debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in
poppler/Parser.cc, poppler/XRef.h. This patch also includes the
regression fix in check entry.
- CVE-2018-16646
* SECURITY UPDATE: denial of service via reachable abort
- debian/patches/CVE-2018-19058.patch: check for stream before calling
stream methods when saving an embedded file in poppler/FileSpec.cc.
- CVE-2018-19058
* SECURITY UPDATE: denial of service via out-of-bounds read
- debian/patches/CVE-2018-19059.patch: check for valid embedded file
before trying to save it in utils/pdfdetach.cc.
- CVE-2018-19059
* SECURITY UPDATE: denial of service via NULL pointer dereference
- debian/patches/CVE-2018-19060.patch: check for valid file name of
embedded file in utils/pdfdetach.cc.
- CVE-2018-19060
-- <email address hidden> (Leonidas S. Barbosa) Mon, 28 Jan 2019 09:58:13 -0300
-
poppler (0.71.0-2ubuntu2) disco; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20481.patch: fix in
poppler/XRef.cc.
- CVE-2018-20481
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20551.patch: fix in
poppler/Annot.cc.
- CVE-2018-20551
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20650.patch: fix in
poppler/FileSpec.cc.
- CVE-2018-20650
-- <email address hidden> (Leonidas S. Barbosa) Mon, 21 Jan 2019 09:35:54 -0300
-
poppler (0.71.0-2ubuntu1) disco; urgency=low
* Merge from Debian unstable. Remaining changes:
- do not use openjpeg (universe, MIR pending)
- fix jpx security bugs, because of internal copy,
can be dropped once openjpeg goes in main
- CVE-2017-9083.patch
- CVE-2017-2820.patch
poppler (0.71.0-2) unstable; urgency=medium
* Upload to unstable.
-- Gianfranco Costamagna <email address hidden> Tue, 08 Jan 2019 09:07:10 +0100
-
poppler (0.71.0-1ubuntu1) disco; urgency=medium
* Merge from Debian experimental. Remaining changes:
- do not use openjpeg (universe, MIR pending)
- fix jpx security bugs, because of internal copy,
can be dropped once openjpeg goes in main
- CVE-2017-9083.patch
- CVE-2017-2820.patch
poppler (0.71.0-1) experimental; urgency=medium
* New upstream release.
* libpoppler80 -> libpoppler82.
* Update libpoppler-glib8 and libpoppler-qt5-1 symbols.
* Update copyright holders.
-- Gianfranco Costamagna <email address hidden> Fri, 04 Jan 2019 18:49:54 +0100
-
poppler (0.71.0-0ubuntu3) disco; urgency=medium
* Re-upload the 0.71 update which was deleted from disco-proposed to
not get in the way of other transitions (lp: #1796717)
- include a fix for a crash due to missing embedded file (lp: #1803059)
poppler (0.71.0-0ubuntu2) disco; urgency=medium
* Declare some symbols optional to fix the build
poppler (0.71.0-0ubuntu1) disco; urgency=medium
* New upstream version
* Changed the binary name according to the soname update
* Updated the symbols
-- Sebastien Bacher <email address hidden> Fri, 23 Nov 2018 15:35:31 +0100
-
poppler (0.71.0-0ubuntu2) disco; urgency=medium
* Declare some symbols optional to fix the build
-- Sebastien Bacher <email address hidden> Thu, 15 Nov 2018 11:30:22 +0100
-
poppler (0.71.0-0ubuntu1) disco; urgency=medium
* New upstream version
* Changed the binary name according to the soname update
* Updated the symbols
poppler (0.70.1-0ubuntu2) cosmic; urgency=medium
* Update symbols files
poppler (0.70.1-0ubuntu1) cosmic; urgency=medium
* New upstream release
poppler (0.69.0-2ubuntu1) cosmic; urgency=low
* Merge from Debian unstable. Remaining changes:
- do not use openjpeg (universe, MIR pending)
- fix jpx security bugs, because of internal copy,
can be dropped once openjpeg goes in main
- CVE-2017-9083.patch
- CVE-2017-2820.patch
poppler (0.69.0-2) unstable; urgency=medium
* Upload to unstable.
poppler (0.69.0-1) experimental; urgency=medium
* New upstream release.
* libpoppler77 -> libpoppler80.
* Update copyright holders.
-- Sebastien Bacher <email address hidden> Thu, 15 Nov 2018 11:08:01 +0100
-
poppler (0.68.0-0ubuntu1) cosmic; urgency=medium
* New upstream version
- TextPage: Add horizontal scaling to font matrix (lp: #1761567)
* Updated for the soname change libpoppler73 -> 79
* debian/patches/proper-init.patch:
- removed, the issue has been fixed upstream in another way since
* debian/patches/01-new-gtk-doc.patch,
debian/patches/cairo-good-filter.patch,
debian/patches/CVE-2017-18267.patch:
- removed, the fixes are in the new version
* debian/patches/series:
- added a comment about the remaining patches
-- Sebastien Bacher <email address hidden> Wed, 22 Aug 2018 11:30:47 +0200
