Message-Id: <email address hidden>
Date: Thu, 05 Jan 2006 06:17:24 -0800
From: =?utf-8?b?T25kxZllaiBTdXLDvQ==?= <email address hidden>
To: <email address hidden>
Subject: Bug#346076: fixed in poppler 0.4.3-2
Source: poppler
Source-Version: 0.4.3-2
We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive:
libpoppler-dev_0.4.3-2_i386.deb
to pool/main/p/poppler/libpoppler-dev_0.4.3-2_i386.deb
libpoppler-glib-dev_0.4.3-2_i386.deb
to pool/main/p/poppler/libpoppler-glib-dev_0.4.3-2_i386.deb
libpoppler-qt-dev_0.4.3-2_i386.deb
to pool/main/p/poppler/libpoppler-qt-dev_0.4.3-2_i386.deb
libpoppler0c2-glib_0.4.3-2_i386.deb
to pool/main/p/poppler/libpoppler0c2-glib_0.4.3-2_i386.deb
libpoppler0c2-qt_0.4.3-2_i386.deb
to pool/main/p/poppler/libpoppler0c2-qt_0.4.3-2_i386.deb
libpoppler0c2_0.4.3-2_i386.deb
to pool/main/p/poppler/libpoppler0c2_0.4.3-2_i386.deb
poppler-utils_0.4.3-2_i386.deb
to pool/main/p/poppler/poppler-utils_0.4.3-2_i386.deb
poppler_0.4.3-2.diff.gz
to pool/main/p/poppler/poppler_0.4.3-2.diff.gz
poppler_0.4.3-2.dsc
to pool/main/p/poppler/poppler_0.4.3-2.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Surý <email address hidden> (supplier of updated poppler package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 5 Jan 2006 14:54:44 +0100
Source: poppler
Binary: libpoppler-glib-dev poppler-utils libpoppler0c2-qt libpoppler-qt-dev libpoppler-dev libpoppler0c2-glib libpoppler0c2
Architecture: source i386
Version: 0.4.3-2
Distribution: unstable
Urgency: high
Maintainer: Ondřej Surý <email address hidden>
Changed-By: Ondřej Surý <email address hidden>
Description:
libpoppler-dev - PDF rendering library -- development files
libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
libpoppler-qt-dev - PDF rendering library -- development files (Qt interface)
libpoppler0c2 - PDF rendering library
libpoppler0c2-glib - PDF rendering library (GLib-based shared library)
libpoppler0c2-qt - PDF rendering library (Qt-based shared library)
poppler-utils - PDF utilitites (based on libpoppler)
Closes: 346076
Changes:
poppler (0.4.3-2) unstable; urgency=high
.
[ Martin Pitt ]
* SECURITY UPDATE: Multiple integer/buffer overflows.
* Add debian/patches/003-CVE-2005-3624_5_7.patch:
- poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream():
+ Check columns for negative or large values.
+ CVE-2005-3624
- poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch:
+ Reset numComps to 0 since it's a global variable that is used later.
+ CVE-2005-3627
- poppler/Stream.cc, DCTStream::readHuffmanTables():
+ Fix out of bounds array access in Huffman tables.
+ CVE-2005-3627
- poppler/Stream.cc, DCTStream::readMarker():
+ Check for EOF in while loop to prevent endless loops.
+ CVE-2005-3625
- poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg():
+ Check user supplied width and height against invalid values.
+ Allocate one extra byte to prevent out of bounds access in combine().
* Add debian/patches/004-fix-CVE-2005-3192.patch:
- Fix nVals int overflow check in StreamPredictor::StreamPredictor().
- Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514.
.
[ Ondřej Surý ]
* Merge changes from Ubuntu (Closes: #346076).
* Enable Cairo output again.
Files:
85bd59f9761a5fc51ee67850f3f8eb84 1730 devel optional poppler_0.4.3-2.dsc
4fb9555f5711c80b3caeb6df7c0913de 124328 devel optional poppler_0.4.3-2.diff.gz
f6909f0d5cba133ce384f74cee24f339 433928 libs optional libpoppler0c2_0.4.3-2_i386.deb
671deea9a7e0cb48bb4c2799f892d8c7 579738 libdevel optional libpoppler-dev_0.4.3-2_i386.deb
516d02d25fdc8232c7d321206e78cee6 39160 libs optional libpoppler0c2-glib_0.4.3-2_i386.deb
cccb06aae626847a2a050fc6d762c1ac 42946 libdevel optional libpoppler-glib-dev_0.4.3-2_i386.deb
a8080202edd1eae7f73aec5a7ead7608 27666 libs optional libpoppler0c2-qt_0.4.3-2_i386.deb
debd121e260aacc1a3ae3e454f0109f9 28644 libdevel optional libpoppler-qt-dev_0.4.3-2_i386.deb
c727731728e2593f2ff495a9aefdcf8a 79482 utils optional poppler-utils_0.4.3-2_i386.deb
Message-Id: <email address hidden> b?T25kxZllaiBTd XLDvQ== ?= <email address hidden>
Date: Thu, 05 Jan 2006 06:17:24 -0800
From: =?utf-8?
To: <email address hidden>
Subject: Bug#346076: fixed in poppler 0.4.3-2
Source: poppler
Source-Version: 0.4.3-2
We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive:
libpoppler- dev_0.4. 3-2_i386. deb p/poppler/ libpoppler- dev_0.4. 3-2_i386. deb glib-dev_ 0.4.3-2_ i386.deb p/poppler/ libpoppler- glib-dev_ 0.4.3-2_ i386.deb qt-dev_ 0.4.3-2_ i386.deb p/poppler/ libpoppler- qt-dev_ 0.4.3-2_ i386.deb glib_0. 4.3-2_i386. deb p/poppler/ libpoppler0c2- glib_0. 4.3-2_i386. deb qt_0.4. 3-2_i386. deb p/poppler/ libpoppler0c2- qt_0.4. 3-2_i386. deb 0.4.3-2_ i386.deb p/poppler/ libpoppler0c2_ 0.4.3-2_ i386.deb utils_0. 4.3-2_i386. deb p/poppler/ poppler- utils_0. 4.3-2_i386. deb 0.4.3-2. diff.gz p/poppler/ poppler_ 0.4.3-2. diff.gz p/poppler/ poppler_ 0.4.3-2. dsc
to pool/main/
libpoppler-
to pool/main/
libpoppler-
to pool/main/
libpoppler0c2-
to pool/main/
libpoppler0c2-
to pool/main/
libpoppler0c2_
to pool/main/
poppler-
to pool/main/
poppler_
to pool/main/
poppler_0.4.3-2.dsc
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Surý <email address hidden> (supplier of updated poppler package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7 glib-dev - PDF rendering library -- development files (GLib interface) patches/ 003-CVE- 2005-3624_ 5_7.patch: :CCITTFaxStream (): :readHuffmanTab les(): :readMarker( ): JBIG2Stream. cc, JBIG2Bitmap: :JBIG2Bitmap( ),
JBIG2Bitmap: :expand( ), JBIG2Stream: :readHalftoneRe gionSeg( ): patches/ 004-fix- CVE-2005- 3192.patch: ::StreamPredict or(). /bugs.freedeskt op.org/ show_bug. cgi?id= 5514. c51ee67850f3f8e b84 1730 devel optional poppler_0.4.3-2.dsc 0b3caeb6df7c091 3de 124328 devel optional poppler_ 0.4.3-2. diff.gz 3ce384f74cee24f 339 433928 libs optional libpoppler0c2_ 0.4.3-2_ i386.deb 48bb4c2799f892d 8c7 579738 libdevel optional libpoppler- dev_0.4. 3-2_i386. deb 32c7d321206e78c ee6 39160 libs optional libpoppler0c2- glib_0. 4.3-2_i386. deb 7a2a050fc6d762c 1ac 42946 libdevel optional libpoppler- glib-dev_ 0.4.3-2_ i386.deb e7f73aec5a7ead7 608 27666 libs optional libpoppler0c2- qt_0.4. 3-2_i386. deb c1a3ae3e454f010 9f9 28644 libdevel optional libpoppler- qt-dev_ 0.4.3-2_ i386.deb 3f2ff495a9aefdc f8a 79482 utils optional poppler- utils_0. 4.3-2_i386. deb
Date: Thu, 5 Jan 2006 14:54:44 +0100
Source: poppler
Binary: libpoppler-glib-dev poppler-utils libpoppler0c2-qt libpoppler-qt-dev libpoppler-dev libpoppler0c2-glib libpoppler0c2
Architecture: source i386
Version: 0.4.3-2
Distribution: unstable
Urgency: high
Maintainer: Ondřej Surý <email address hidden>
Changed-By: Ondřej Surý <email address hidden>
Description:
libpoppler-dev - PDF rendering library -- development files
libpoppler-
libpoppler-qt-dev - PDF rendering library -- development files (Qt interface)
libpoppler0c2 - PDF rendering library
libpoppler0c2-glib - PDF rendering library (GLib-based shared library)
libpoppler0c2-qt - PDF rendering library (Qt-based shared library)
poppler-utils - PDF utilitites (based on libpoppler)
Closes: 346076
Changes:
poppler (0.4.3-2) unstable; urgency=high
.
[ Martin Pitt ]
* SECURITY UPDATE: Multiple integer/buffer overflows.
* Add debian/
- poppler/Stream.cc, CCITTFaxStream:
+ Check columns for negative or large values.
+ CVE-2005-3624
- poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch:
+ Reset numComps to 0 since it's a global variable that is used later.
+ CVE-2005-3627
- poppler/Stream.cc, DCTStream:
+ Fix out of bounds array access in Huffman tables.
+ CVE-2005-3627
- poppler/Stream.cc, DCTStream:
+ Check for EOF in while loop to prevent endless loops.
+ CVE-2005-3625
- poppler/
+ Check user supplied width and height against invalid values.
+ Allocate one extra byte to prevent out of bounds access in combine().
* Add debian/
- Fix nVals int overflow check in StreamPredictor
- Forwarded upstream to https:/
.
[ Ondřej Surý ]
* Merge changes from Ubuntu (Closes: #346076).
* Enable Cairo output again.
Files:
85bd59f9761a5f
4fb9555f5711c8
f6909f0d5cba13
671deea9a7e0cb
516d02d25fdc82
cccb06aae62684
a8080202edd1ea
debd121e260aac
c727731728e259
-----BEGIN PGP SIGNATURE-----
qfMIN8nMRAj9mAJ 4gbjNrYS9I9mrGi I+0jIP35s2dtgCf UAEO V0dy3cDA=
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDvSbE9OZ
50aIKYptzQhsGXO
=q+1o
-----END PGP SIGNATURE-----