Ubuntu
poppler package

Bug #28030
Comment #3

Comment 3 for bug 28030

Revision history for this message

Debian Bug Importer (debzilla) wrote on 2006-01-05:

Message-Id: <email address hidden>
Date: Thu, 05 Jan 2006 06:17:24 -0800
From: =?utf-8?b?T25kxZllaiBTdXLDvQ==?= <email address hidden>
To: <email address hidden>
Subject: Bug#346076: fixed in poppler 0.4.3-2

Source: poppler
Source-Version: 0.4.3-2

We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive:

libpoppler-dev_0.4.3-2_i386.deb
  to pool/main/p/poppler/libpoppler-dev_0.4.3-2_i386.deb
libpoppler-glib-dev_0.4.3-2_i386.deb
  to pool/main/p/poppler/libpoppler-glib-dev_0.4.3-2_i386.deb
libpoppler-qt-dev_0.4.3-2_i386.deb
  to pool/main/p/poppler/libpoppler-qt-dev_0.4.3-2_i386.deb
libpoppler0c2-glib_0.4.3-2_i386.deb
  to pool/main/p/poppler/libpoppler0c2-glib_0.4.3-2_i386.deb
libpoppler0c2-qt_0.4.3-2_i386.deb
  to pool/main/p/poppler/libpoppler0c2-qt_0.4.3-2_i386.deb
libpoppler0c2_0.4.3-2_i386.deb
  to pool/main/p/poppler/libpoppler0c2_0.4.3-2_i386.deb
poppler-utils_0.4.3-2_i386.deb
  to pool/main/p/poppler/poppler-utils_0.4.3-2_i386.deb
poppler_0.4.3-2.diff.gz
  to pool/main/p/poppler/poppler_0.4.3-2.diff.gz
poppler_0.4.3-2.dsc
  to pool/main/p/poppler/poppler_0.4.3-2.dsc

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <email address hidden> (supplier of updated poppler package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 5 Jan 2006 14:54:44 +0100
Source: poppler
Binary: libpoppler-glib-dev poppler-utils libpoppler0c2-qt libpoppler-qt-dev libpoppler-dev libpoppler0c2-glib libpoppler0c2
Architecture: source i386
Version: 0.4.3-2
Distribution: unstable
Urgency: high
Maintainer: Ondřej Surý <email address hidden>
Changed-By: Ondřej Surý <email address hidden>
Description:
libpoppler-dev - PDF rendering library -- development files
libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
libpoppler-qt-dev - PDF rendering library -- development files (Qt interface)
libpoppler0c2 - PDF rendering library
libpoppler0c2-glib - PDF rendering library (GLib-based shared library)
libpoppler0c2-qt - PDF rendering library (Qt-based shared library)
poppler-utils - PDF utilitites (based on libpoppler)
Closes: 346076
Changes:
poppler (0.4.3-2) unstable; urgency=high
.
   [ Martin Pitt ]
   * SECURITY UPDATE: Multiple integer/buffer overflows.
   * Add debian/patches/003-CVE-2005-3624_5_7.patch:
     - poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream():
       + Check columns for negative or large values.
       + CVE-2005-3624
     - poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch:
       + Reset numComps to 0 since it's a global variable that is used later.
       + CVE-2005-3627
     - poppler/Stream.cc, DCTStream::readHuffmanTables():
       + Fix out of bounds array access in Huffman tables.
       + CVE-2005-3627
     - poppler/Stream.cc, DCTStream::readMarker():
       + Check for EOF in while loop to prevent endless loops.
       + CVE-2005-3625
     - poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(),
       JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg():
       + Check user supplied width and height against invalid values.
       + Allocate one extra byte to prevent out of bounds access in combine().
   * Add debian/patches/004-fix-CVE-2005-3192.patch:
     - Fix nVals int overflow check in StreamPredictor::StreamPredictor().
     - Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514.
.
   [ Ondřej Surý ]
   * Merge changes from Ubuntu (Closes: #346076).
   * Enable Cairo output again.
Files:
85bd59f9761a5fc51ee67850f3f8eb84 1730 devel optional poppler_0.4.3-2.dsc
4fb9555f5711c80b3caeb6df7c0913de 124328 devel optional poppler_0.4.3-2.diff.gz
f6909f0d5cba133ce384f74cee24f339 433928 libs optional libpoppler0c2_0.4.3-2_i386.deb
671deea9a7e0cb48bb4c2799f892d8c7 579738 libdevel optional libpoppler-dev_0.4.3-2_i386.deb
516d02d25fdc8232c7d321206e78cee6 39160 libs optional libpoppler0c2-glib_0.4.3-2_i386.deb
cccb06aae626847a2a050fc6d762c1ac 42946 libdevel optional libpoppler-glib-dev_0.4.3-2_i386.deb
a8080202edd1eae7f73aec5a7ead7608 27666 libs optional libpoppler0c2-qt_0.4.3-2_i386.deb
debd121e260aacc1a3ae3e454f0109f9 28644 libdevel optional libpoppler-qt-dev_0.4.3-2_i386.deb
c727731728e2593f2ff495a9aefdcf8a 79482 utils optional poppler-utils_0.4.3-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDvSbE9OZqfMIN8nMRAj9mAJ4gbjNrYS9I9mrGiI+0jIP35s2dtgCfUAEO
50aIKYptzQhsGXOV0dy3cDA=
=q+1o
-----END PGP SIGNATURE-----

Message-Id: <E1EuVvg-0007d1-Em@spohr.debian.org>
Date: Thu, 05 Jan 2006 06:17:24 -0800
From: =?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej@debian.org>
To: 346076-close@bugs.debian.org
Subject: Bug#346076: fixed in poppler 0.4.3-2

Source: poppler
Source-Version: 0.4.3-2

We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive:

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 346076@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ondrej@debian.org> (supplier of updated poppler package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu,  5 Jan 2006 14:54:44 +0100
Source: poppler
Binary: libpoppler-glib-dev poppler-utils libpoppler0c2-qt libpoppler-qt-dev libpoppler-dev libpoppler0c2-glib libpoppler0c2
Architecture: source i386
Version: 0.4.3-2
Distribution: unstable
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description: 
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-qt-dev - PDF rendering library -- development files (Qt interface)
 libpoppler0c2 - PDF rendering library
 libpoppler0c2-glib - PDF rendering library (GLib-based shared library)
 libpoppler0c2-qt - PDF rendering library (Qt-based shared library)
 poppler-utils - PDF utilitites (based on libpoppler)
Closes: 346076
Changes: 
 poppler (0.4.3-2) unstable; urgency=high
 .
   [ Martin Pitt ]
   * SECURITY UPDATE: Multiple integer/buffer overflows.
   * Add debian/patches/003-CVE-2005-3624_5_7.patch:
     - poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream():
       + Check columns for negative or large values.
       + CVE-2005-3624
     - poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch:
       + Reset numComps to 0 since it's a global variable that is used later.
       + CVE-2005-3627
     - poppler/Stream.cc, DCTStream::readHuffmanTables():
       + Fix out of bounds array access in Huffman tables.
       + CVE-2005-3627
     - poppler/Stream.cc, DCTStream::readMarker():
       + Check for EOF in while loop to prevent endless loops.
       + CVE-2005-3625
     - poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(),
       JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg():
       + Check user supplied width and height against invalid values.
       + Allocate one extra byte to prevent out of bounds access in combine().
   * Add debian/patches/004-fix-CVE-2005-3192.patch:
     - Fix nVals int overflow check in StreamPredictor::StreamPredictor().
     - Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514.
 .
   [ Ondřej Surý ]
   * Merge changes from Ubuntu (Closes: #346076).
   * Enable Cairo output again.
Files: 
 85bd59f9761a5fc51ee67850f3f8eb84 1730 devel optional poppler_0.4.3-2.dsc
 4fb9555f5711c80b3caeb6df7c0913de 124328 devel optional poppler_0.4.3-2.diff.gz
 f6909f0d5cba133ce384f74cee24f339 433928 libs optional libpoppler0c2_0.4.3-2_i386.deb
 671deea9a7e0cb48bb4c2799f892d8c7 579738 libdevel optional libpoppler-dev_0.4.3-2_i386.deb
 516d02d25fdc8232c7d321206e78cee6 39160 libs optional libpoppler0c2-glib_0.4.3-2_i386.deb
 cccb06aae626847a2a050fc6d762c1ac 42946 libdevel optional libpoppler-glib-dev_0.4.3-2_i386.deb
 a8080202edd1eae7f73aec5a7ead7608 27666 libs optional libpoppler0c2-qt_0.4.3-2_i386.deb
 debd121e260aacc1a3ae3e454f0109f9 28644 libdevel optional libpoppler-qt-dev_0.4.3-2_i386.deb
 c727731728e2593f2ff495a9aefdcf8a 79482 utils optional poppler-utils_0.4.3-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDvSbE9OZqfMIN8nMRAj9mAJ4gbjNrYS9I9mrGiI+0jIP35s2dtgCfUAEO
50aIKYptzQhsGXOV0dy3cDA=
=q+1o
-----END PGP SIGNATURE-----

Ubuntupoppler package

Comment 3 for bug 28030

Ubuntu
poppler package