FreezeException for poppler (12 different CVE numbers)

Bug #361875 reported by Marc Deslauriers on 2009-04-15
Affects: poppler (Ubuntu)
Importance: Medium
Assigned to: Unassigned

Bug Description

On 2009-04-16, twelve new CVE numbers for numerous security vulnerabilities in poppler will be unembargoed. At this time, we will be releasing poppler updates for dapper, hardy, and intrepid. This FFe is to release an update for jaunty. Attached is the debdiff I plan to release.

Here are the CVE numbers:

    - CVE-2009-0146
    - CVE-2009-0147
    - CVE-2009-0166
    - CVE-2009-0799
    - CVE-2009-0800
    - CVE-2009-1179
    - CVE-2009-1180
    - CVE-2009-1181
    - CVE-2009-1182
    - CVE-2009-1183
    - CVE-2009-1187
    - CVE-2009-1188

Please consider all of these issues embargoed and therefore not public until April 16th, 2009.

Marc Deslauriers (mdeslaur) wrote :
summary: - FFe for poppler (12 different CVE numbers)
+ FreezeException for poppler (12 different CVE numbers)
Kees Cook (kees) on 2009-04-16
Changed in poppler (Ubuntu):
status: New → Confirmed
visibility: private → public
Kees Cook (kees) on 2009-04-16
Changed in poppler (Ubuntu):
importance: Undecided → Medium
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package poppler - 0.10.5-1ubuntu2

---------------
poppler (0.10.5-1ubuntu2) jaunty; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution from
    multiple integer overflows, buffer overflows, and other issues with
    JBIG2 decoding. (LP: #361875)
    - debian/patches/11_security_jbig2.patch: prevent integer overflow in
      poppler/CairoOutputDev.cc and splash/SplashBitmap.cc, add overflow
      checking, improve error handling, and fix other issues in
      poppler/JBIG2Stream.*.
    - CVE-2009-0146
    - CVE-2009-0147
    - CVE-2009-0166
    - CVE-2009-0799
    - CVE-2009-0800
    - CVE-2009-1179
    - CVE-2009-1180
    - CVE-2009-1181
    - CVE-2009-1182
    - CVE-2009-1183
    - CVE-2009-1187
    - CVE-2009-1188

 -- Marc Deslauriers <email address hidden> Thu, 16 Apr 2009 22:40:29 -0400

Changed in poppler (Ubuntu):
status: Confirmed → Fix Released