FreezeException for poppler (12 different CVE numbers)
Bug #361875 reported by
Marc Deslauriers
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| poppler (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
On 2009-04-16 twelve new CVE numbers for numerous security vulnerabilities in poppler will be unembargoed. At this time, we will be releasing poppler updates for dapper, hardy, intrepid. This FFe is to release an update for jaunty. Attached is the debdiff I plan to release.
Here are the CVE numbers:
- CVE-2009-0146
- CVE-2009-0147
- CVE-2009-0166
- CVE-2009-0799
- CVE-2009-0800
- CVE-2009-1179
- CVE-2009-1180
- CVE-2009-1181
- CVE-2009-1182
- CVE-2009-1183
- CVE-2009-1187
- CVE-2009-1188
Please consider all of these issues embargoed and therefore not public until April 16th, 2009.
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote | #1 |
| summary: |
- FFe for poppler (12 different CVE numbers) + FreezeException for poppler (12 different CVE numbers) |
| Changed in poppler (Ubuntu): | |
| status: | New → Confirmed |
| visibility: | private → public |
| Changed in poppler (Ubuntu): | |
| importance: | Undecided → Medium |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in poppler (Ubuntu): | |
| status: | Confirmed → Fix Released |
To post a comment you must log in.
This bug was fixed in the package poppler - 0.10.5-1ubuntu2
---------------
poppler (0.10.5-1ubuntu2) jaunty; urgency=low
* SECURITY UPDATE: denial of service and possible code execution from
multiple integer overflows, buffer overflows, and other issues with
JBIG2 decoding. (LP: #361875)
- debian/
poppler/
checking, improve error handling, and fix other issues in
poppler/
- CVE-2009-0146
- CVE-2009-0147
- CVE-2009-0166
- CVE-2009-0799
- CVE-2009-0800
- CVE-2009-1179
- CVE-2009-1180
- CVE-2009-1181
- CVE-2009-1182
- CVE-2009-1183
- CVE-2009-1187
- CVE-2009-1188
-- Marc Deslauriers <email address hidden> Thu, 16 Apr 2009 22:40:29 -0400