[ubuntu/bionic-updates] poppler 0.62.0-2ubuntu2.9 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jun 27 14:28:21 UTC 2019
poppler (0.62.0-2ubuntu2.9) bionic-security; urgency=medium
* SECURITY UPDATE: memory leak in GfxColorSpace::setDisplayProfile
- debian/patches/CVE-2018-18897.patch: enforcing single initialization
in poppler/GfxState.cc, qt5/src/poppler-qt5.h.
- CVE-2018-18897
* SECURITY UPDATE: DoS via crafted PDF file
- debian/patches/CVE-2018-20662.patch: check XRef's Catalog for being a
Dict in utils/pdfunite.cc.
- CVE-2018-20662
* SECURITY UPDATE: buffer over-read in downsample_row_box_filter
- debian/patches/CVE-2019-9631-1.patch: compute correct coverage values
for box filter in poppler/CairoRescaleBox.cc.
- debian/patches/CVE-2019-9631-2.patch: constrain number of cycles in
rescale filter in poppler/CairoRescaleBox.cc.
- CVE-2019-9631
* SECURITY UPDATE: dict marking mishandling
- debian/patches/CVE-2019-9903.patch: fix stack overflow on broken file
in poppler/PDFDoc.cc.
- CVE-2019-9903
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-10872.patch: restrict filling of overlapping
boxes in splash/Splash.cc.
- CVE-2019-10872
* SECURITY UPDATE: buffer over-read in JPXStream::init
- debian/patches/CVE-2019-12293.patch: fail gracefully if not all
components have the same WxH in poppler/JPEG2000Stream.cc.
- CVE-2019-12293
Date: 2019-06-26 17:55:55.908931+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.9
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list