FreezeException for poppler (12 different CVE numbers)
Bug #361875 reported by Marc Deslauriers
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
poppler (Ubuntu) | Fix Released | Medium | Unassigned | |
Bug Description
On 2009-04-16 twelve new CVE numbers for numerous security vulnerabilities in poppler will be unembargoed. At this time, we will be releasing poppler updates for dapper, hardy, intrepid. This FFe is to release an update for jaunty. Attached is the debdiff I plan to release.
Here are the CVE numbers:
- CVE-2009-0146
- CVE-2009-0147
- CVE-2009-0166
- CVE-2009-0799
- CVE-2009-0800
- CVE-2009-1179
- CVE-2009-1180
- CVE-2009-1181
- CVE-2009-1182
- CVE-2009-1183
- CVE-2009-1187
- CVE-2009-1188
Please consider all of these issues embargoed and therefore not public until April 16th, 2009.
summary: FFe for poppler (12 different CVE numbers) → FreezeException for poppler (12 different CVE numbers)
Changed in poppler (Ubuntu):
status: New → Confirmed
visibility: private → public
Changed in poppler (Ubuntu):
importance: Undecided → Medium
This bug was fixed in the package poppler - 0.10.5-1ubuntu2
---------------
poppler (0.10.5-1ubuntu2) jaunty; urgency=low
* SECURITY UPDATE: denial of service and possible code execution from
  multiple integer overflows, buffer overflows, and other issues with
  JBIG2 decoding. (LP: #361875)
- debian/patches/11_security_jbig2.patch: prevent integer overflow in
  poppler/CairoOutputDev.cc and splash/SplashBitmap.cc, add overflow
  checking, improve error handling, and fix other issues in
  poppler/JBIG2Stream.*.
- CVE-2009-0146
- CVE-2009-0147
- CVE-2009-0166
- CVE-2009-0799
- CVE-2009-0800
- CVE-2009-1179
- CVE-2009-1180
- CVE-2009-1181
- CVE-2009-1182
- CVE-2009-1183
- CVE-2009-1187
- CVE-2009-1188
-- Marc Deslauriers <email address hidden> Thu, 16 Apr 2009 22:40:29 -0400