-
poppler (0.5.4-0ubuntu8.3) feisty-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
* debian/patches/102_embedded-font-fixes.patch: upstream fix and stronger
type-checking added.
* References
CVE-2008-1693
-- Kees Cook <email address hidden> Tue, 15 Apr 2008 13:04:21 -0700
-
poppler (0.5.4-0ubuntu8.2) feisty-security; urgency=low
* SECURITY UPDATE: out of bounds array access causes memory corruption via
a crafted PDF file
* fix for DCTStream::readScanInfo() in Stream.cc to properly check boundaries
* SECURITY UPDATE: integer overflow resulting in heap-based overflow and
potential arbitrary code execution via crafted PDF file
* fix for DCTStream::reset() in Stream.cc to properly check width and height
* SECURITY UPDATE: boundary error in lookChar() resulting in heap-based
overflow and potential arbitrary code execution via crafted PDF file
* fixes for CCITTFaxStream::CCITTFaxStream and CCITTFaxStream::lookChar() in
Stream.cc to properly check boundary conditions. This also includes
upstream refactoring for easier maintenance.
* References
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
-- Jamie Strandboge <email address hidden> Tue, 13 Nov 2007 08:31:43 -0500
-
poppler (0.5.4-0ubuntu8.1) feisty-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted PDFs
* Add debian/patches/100_streampredictor_overflow.patch: upstream fixes.
* References
CVE-2007-3387
-- Kees Cook <email address hidden> Tue, 07 Aug 2007 09:27:27 -0700
-
poppler (0.5.4-0ubuntu8) feisty; urgency=low
* debian/patches/005_fix_inverted_text_from_bug_8944.patch:
- fixes "text is inverted in some PDFs" (LP: #93772)
-- Daniel Holbach <email address hidden> Thu, 5 Apr 2007 12:27:48 +0200
-
poppler (0.5.4-0ubuntu7) feisty; urgency=low
* debian/control.in: add versioned conflict on pdftohtml. (LP: #99894)
* Adhere to DebianMaintainerField.
-- Lionel Le Folgoc <email address hidden> Mon, 2 Apr 2007 00:42:40 +0200
-
poppler (0.5.4-0ubuntu6) feisty; urgency=low
* debian/control.in:
- Build-Depends on libcairo2-dev
- libpoppler-glib-dev Depends on libcairo2-dev
* debian/libpoppler-glib-dev.install:
- install html documentation
* debian/libpoppler-dev.install:
- also install poppler-cairo.pc
* debian/rules:
- build the cairo variant
-- Sebastien Bacher <email address hidden> Wed, 14 Mar 2007 14:17:52 +0100
-
poppler (0.5.4-0ubuntu5) feisty; urgency=low
* SECURITY UPDATE: Denial of Service.
* Add debian/patches/004_CVE-2007-0104.patch:
- Limit recursion depth of the parsing tree to 100 to avoid infinite loop
with crafted documents.
- Patch taken from koffice security update (which has a copy of xpdf
sources).
-- Martin Pitt <email address hidden> Tue, 16 Jan 2007 17:58:48 +0100
-
poppler (0.5.4-0ubuntu4) edgy; urgency=low
* Clean sources before upload
-- Jonathan Riddell <email address hidden> Thu, 12 Oct 2006 11:55:54 +0100
