Comment 17 for bug 26647

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Sat, 24 Dec 2005 01:32:07 -0800
From: Frank Küster <email address hidden>
To: <email address hidden>
Cc: Frank Küster <email address hidden>, Changwoo Ryu <email address hidden>
Subject: Fixed in NMU of poppler 0.4.2-1.1

tag 342288 + fixed

quit

This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 23 Dec 2005 16:36:30 +0100
Source: poppler
Binary: libpoppler-glib-dev libpoppler0c2-qt libpoppler-qt-dev libpoppler-dev libpoppler0c2-glib libpoppler0c2
Architecture: source i386
Version: 0.4.2-1.1
Distribution: unstable
Urgency: high
Maintainer: Changwoo Ryu <email address hidden>
Changed-By: Frank Küster <email address hidden>
Description:
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-qt-dev - PDF rendering library -- development files (Qt interface)
 libpoppler0c2 - PDF rendering library
 libpoppler0c2-glib - PDF rendering library (GLib-based shared library)
 libpoppler0c2-qt - PDF rendering library (Qt-based shared library)
Closes: 342288
Changes:
 poppler (0.4.2-1.1) unstable; urgency=high
 .
   * SECURITY UPDATE: Multiple integer/buffer overflows.
 .
   * NMU to fix RC security bug (closes: #342288)
   * Add debian/patches/04_CVE-2005-3191_2_3.patch taken from Ubuntu,
     thanks to Martin Pitt:
   * poppler/Stream.cc, DCTStream::readBaselineSOF(),
     DCTStream::readProgressiveSOF(), DCTStream::readScanInfo():
     - Check numComps for invalid values.
     - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
     - CVE-2005-3191
   * poppler/Stream.cc, StreamPredictor::StreamPredictor():
     - Check rowBytes for invalid values.
     - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
     - CVE-2005-3192
   * poppler/JPXStream.cc, JPXStream::readCodestream():
     - Check img.nXTiles * img.nYTiles for integer overflow.
     - http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities
     - CVE-2005-3193
Files:
 fa5985bf510c5dc3793156b056cc78a4 1750 devel optional poppler_0.4.2-1.1.dsc
 384879819f5e5dca860ddb639729bc86 5859 devel optional poppler_0.4.2-1.1.diff.gz
 0247cf16c73b8b62ef757d96daf30897 432912 libs optional libpoppler0c2_0.4.2-1.1_i386.deb
 beaa0aa70ca97108c1b997c1cb14cd79 578472 libdevel optional libpoppler-dev_0.4.2-1.1_i386.deb
 78fc2dcc40d9e3c35a75248dcdac06f3 38076 libs optional libpoppler0c2-glib_0.4.2-1.1_i386.deb
 c5234e6480d01d1598de712269db17d8 41794 libdevel optional libpoppler-glib-dev_0.4.2-1.1_i386.deb
 a1c780d7a092ae6c0981c3d6ae670d60 26566 libs optional libpoppler0c2-qt_0.4.2-1.1_i386.deb
 48fafdd9dea81ca896648aa27dc57539 27540 libdevel optional libpoppler-qt-dev_0.4.2-1.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDrB+T+xs9YyJS+hoRAkGeAKCGNO5wdGYnEkfuL1m1R5jwVgpeyACgjjbu
pxGJG86s2jzHK+Gk5h/6WcM=
=sW6p
-----END PGP SIGNATURE-----