Merge xpdf 3.02-2 from Debian Unstable

Bug #556483 reported by Luke Faraone
This bug affects 1 person
Affects: xpdf (Ubuntu)
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Binary package hint: xpdf

This package qualifies for an FFe since it fixes several security issues and bugs.

debian/changelog:
xpdf (3.02-2) unstable; urgency=high

  [Michael Gilbert]
  * Fix multiple security issues (closes: #551287, #575779).
    - CVE-2009-1188: Integer overflow in the JBIG2 decoding feature in the
      SplashBitmap::SplashBitmap function in SplashBitmap.cc.
    - CVE-2009-3603: Additional integer overflows in the
      SplashBitmap::SplashBitmap function.
    - CVE-2009-3604: Null pointer dereference in the Splash::drawImage
      function in Splash.cc.
    - CVE-2009-3606: Integer overflow in the PSOutputDev::doImageL1Sep
      function in PSOutputDev.cc.
    - CVE-2009-3608: Integer overflow in the ObjectStream::ObjectStream
      function in XRef.cc.
    - CVE-2009-3609: Integer overflow in the ImageStream::ImageStream
      function in Stream.cc.
  * Bump standards version to 3.8.4 (no changes required).
  * Use ${misc:Depends}.
  * Adopt the package (closes: #535261, #527840).

  [Rogério Brito]
  * debian/copyright:
    + include versioned link to the GPL.
  * debian/*
    + convert to source format "3.0 (quilt)".
  * debian/{control,compat}:
    + bump compat to 5.
  * debian/control:
    + remove dpatch build-dep and calls in debian/rules.
    + include Homepage field.
    + build-depend on unversioned automake.
    + build-depend on versioned lesstif.
    + wrap build-depends line to keep sanity.
    + change build-dependency on x-dev to x11proto-core-dev. (Closes: #515495).
    + remove debian revision from versioned build-deps.
    + update standards-version to 3.8.3, with no extra changes required.
  * debian/rules:
    + remove commented lines.
    + fix the includes for lesstif. (See below).
    + remove deprecated dh_desktop helper.
    + don't ignore errors when calling "make -i distclean".
    + separate configuration from package compilation to keep things tidy.
    + don't remove recursively things that are only files.
  * debian/patches:
    + rename 00list to series.
    + disable patches 40 and 41, lesstif is fixed. (Closes: #458763, #528807).
    + refresh enabled patches to avoid potential problems with buildds.
    + escape minus signs from manpages.
    + fix path to configuration files. Tks Andrew Price. (Closes: #424747).
    + flexibilize the print dialog. Tks Dmitry Oboukhov. (Closes: #408502).
    + implement "Fit to Height". Tks Josh Triplett. (Closes: #424178).
  * debian/xpdf-common.postint:
    + don't use command with path in maintainer script.
  * debian/watch:
    + create watch file.
  * debian/xpdf.desktop:
    + remove obsolete indication of encoding.
    + remove custom category "PDFViewer".
  * debian/xpdf-reader.menu:
    + update obsolete section Apps -> Applications.
  * debian/xpdf-reader.dirs:
    + remove empty dir usr/lib/menu. Tks Nelson Oliveira. (Closes: #495150).
  * avoid conflict with poppler-utils. Tks Luca Capello. (Closes: #558020).

 -- Michael Gilbert <email address hidden> Fri, 02 Apr 2010 17:40:49 -0400

Luke Faraone (lfaraone)
visibility: private → public
Luke Faraone (lfaraone)
Changed in xpdf (Ubuntu):
importance: Undecided → Wishlist
James Westby (james-w) wrote :

Hi,

Would you request a freeze exception for this?

Scott said that with the packaging being rewritten they would like to take a look.

Thanks,

James

Luke Faraone (lfaraone)
description: updated
Scott Kitterman (kitterman) wrote :

What testing have you done?

Luke Faraone (lfaraone) wrote :

I verified that xpdf is able to render and print a few of the PDFs I had on hand, as well as the testcases provided in bug 311982.

Scott Kitterman (kitterman) wrote :

Ack. FFe approved.

Changed in xpdf (Ubuntu):
status: New → Confirmed
Michael Bienia (geser) wrote :

Sponsored. Waiting in queue for approval (due to beta2 freeze).

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xpdf - 3.02-2ubuntu1

---------------
xpdf (3.02-2ubuntu1) lucid; urgency=low

  * Merge from Debian unstable. (LP: #556483) Remaining changes:
    - do-not-make-ps-arrays-bigger-than-64k-from-big-images-in-patterns.dpatch:
      pdftops produced wrong PostScript when a large image is in a
      pattern in the input file

xpdf (3.02-2) unstable; urgency=high

  [Michael Gilbert]
  * Fix multiple security issues (closes: #551287, #575779).
    - CVE-2009-1188: Integer overflow in the JBIG2 decoding feature in the
      SplashBitmap::SplashBitmap function in SplashBitmap.cc.
    - CVE-2009-3603: Additional integer overflows in the
      SplashBitmap::SplashBitmap function.
    - CVE-2009-3604: Null pointer dereference in the Splash::drawImage
      function in Splash.cc.
    - CVE-2009-3606: Integer overflow in the PSOutputDev::doImageL1Sep
      function in PSOutputDev.cc.
    - CVE-2009-3608: Integer overflow in the ObjectStream::ObjectStream
      function in XRef.cc.
    - CVE-2009-3609: Integer overflow in the ImageStream::ImageStream
      function in Stream.cc.
  * Bump standards version to 3.8.4 (no changes required).
  * Use ${misc:Depends}.
  * Adopt the package (closes: #535261, #527840).

  [Rogério Brito]
  * debian/copyright:
    + include versioned link to the GPL.
  * debian/*
    + convert to source format "3.0 (quilt)".
  * debian/{control,compat}:
    + bump compat to 5.
  * debian/control:
    + remove dpatch build-dep and calls in debian/rules.
    + include Homepage field.
    + build-depend on unversioned automake.
    + build-depend on versioned lesstif.
    + wrap build-depends line to keep sanity.
    + change build-dependency on x-dev to x11proto-core-dev. (Closes: #515495).
    + remove debian revision from versioned build-deps.
    + update standards-version to 3.8.3, with no extra changes required.
  * debian/rules:
    + remove commented lines.
    + fix the includes for lesstif. (See below).
    + remove deprecated dh_desktop helper.
    + don't ignore errors when calling "make -i distclean".
    + separate configuration from package compilation to keep things tidy.
    + don't remove recursively things that are only files.
  * debian/patches:
    + rename 00list to series.
    + disable patches 40 and 41, lesstif is fixed. (Closes: #458763, #528807).
    + refresh enabled patches to avoid potential problems with buildds.
    + escape minus signs from manpages.
    + fix path to configuration files. Tks Andrew Price. (Closes: #424747).
    + flexibilize the print dialog. Tks Dmitry Oboukhov. (Closes: #408502).
    + implement "Fit to Height". Tks Josh Triplett. (Closes: #424178).
  * debian/xpdf-common.postint:
    + don't use command with path in maintainer script.
  * debian/watch:
    + create watch file.
  * debian/xpdf.desktop:
    + remove obsolete indication of encoding.
    + remove custom category "PDFViewer".
  * debian/xpdf-reader.menu:
    + update obsolete section Apps -> Applications.
  * debian/xpdf-reader.dirs:
    + remove empty dir usr/lib/menu. Tks Nelson Oliveira. (Closes: #495150).
  * avoid conflict with poppler-utils. Tks Luca Capello. (Closes: #558020).
 -...

Changed in xpdf (Ubuntu):
status: Confirmed → Fix Released
This report contains Public Security information
Everyone can see this security related information.