Accepted poppler 0.5.0-0ubuntu1 (source)

Martin Pitt martin.pitt at ubuntu.com
Thu Jan 19 22:55:19 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 19 Jan 2006 23:49:52 +0100
Source: poppler
Binary: libpoppler-glib-dev poppler-utils libpoppler0c2-qt libpoppler-qt-dev libpoppler-dev libpoppler0c2-glib libpoppler0c2
Architecture: source
Version: 0.5.0-0ubuntu1
Distribution: dapper
Urgency: high
Maintainer: Ondřej Surý <ondrej at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-qt-dev - PDF rendering library -- development files (Qt interface)
 libpoppler0c2 - PDF rendering library
 libpoppler0c2-glib - PDF rendering library (GLib-based shared library)
 libpoppler0c2-qt - PDF rendering library (Qt-based shared library)
 poppler-utils - PDF utilitites (based on libpoppler)
Closes: 346076 346277
Changes: 
 poppler (0.5.0-0ubuntu1) dapper; urgency=low
 .
   * New upstream release 0.5.0, required for new evince 0.5.
   * Merge with Debian.
   * Remove patches adopted upstream:
     - debian/patches/000_add-poppler-utils.patch
     - debian/patches/002-selection-crash-bug.patch
   * debian/libpoppler-dev.install:
     - Install poppler-page-transition.h.
     - Do not install poppler-config.h, it doesn't exist any more.
     - Upstream doesn't install legacy xpdf includes any more, fix path to
       install them into libpoppler-dev.
   * Add debian/patches/001_jpxstream_int_crash.patch:
     - poppler/JPXStream.h: Fix declaration of cbW to be signed.
       JPXStream.cc, readCodeBlockData() negates the value, which results in an
       invalid value on 64 bit platforms if using unsigned types.
     - Thanks to Vladimir Nadvornik for pointing at this.
 .
 poppler (0.4.4-1) unstable; urgency=high
 .
   * New upstream security release
     - fixes CVE-2005-3624, CVE-2005-3625, CVE-2005-3627
   * Remove debian/patches/003-CVE-2005-3624_5_7.patch:
     - Merged upstream
   * Remove debian/patches/004-fix-CVE-2005-3192.patch:
     - Merged upstream
   * Remove debian/patches/001-relibtoolize.patch
     - Upstream uses recent libtool
 .
 poppler (0.4.3-3) unstable; urgency=low
 .
   * Fix missing libcairo2-dev dependency (Closes: #346277)
 .
 poppler (0.4.3-2) unstable; urgency=high
 .
   [ Martin Pitt ]
   * SECURITY UPDATE: Multiple integer/buffer overflows.
   * Add debian/patches/003-CVE-2005-3624_5_7.patch:
     - poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream():
       + Check columns for negative or large values.
       + CVE-2005-3624
     - poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch:
       + Reset numComps to 0 since it's a global variable that is used later.
       + CVE-2005-3627
     - poppler/Stream.cc, DCTStream::readHuffmanTables():
       + Fix out of bounds array access in Huffman tables.
       + CVE-2005-3627
     - poppler/Stream.cc, DCTStream::readMarker():
       + Check for EOF in while loop to prevent endless loops.
       + CVE-2005-3625
     - poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(),
       JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg():
       + Check user supplied width and height against invalid values.
       + Allocate one extra byte to prevent out of bounds access in combine().
   * Add debian/patches/004-fix-CVE-2005-3192.patch:
     - Fix nVals int overflow check in StreamPredictor::StreamPredictor().
     - Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514.
 .
   [ Ondřej Surý ]
   * Merge changes from Ubuntu (Closes: #346076).
   * Enable Cairo output again.
Files: 
 632e2b6928b28191511fdeec67adadbb 1742 devel optional poppler_0.5.0-0ubuntu1.dsc
 c84c1be19f43e4a84872ff08234c1960 935312 devel optional poppler_0.5.0.orig.tar.gz
 fb6960f2c7a1128640ffdc2bc9f2b9fa 5308 devel optional poppler_0.5.0-0ubuntu1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD0BeuDecnbV4Fd/IRAml2AJ9ZSZoGfU4XAyYXs6WeNFwa+UAR1wCg2rE7
c48EP33WUDHkfXscaBD1JE0=
=Ol3Y
-----END PGP SIGNATURE-----


Accepted:
poppler_0.5.0-0ubuntu1.diff.gz
  to pool/main/p/poppler/poppler_0.5.0-0ubuntu1.diff.gz
poppler_0.5.0-0ubuntu1.dsc
  to pool/main/p/poppler/poppler_0.5.0-0ubuntu1.dsc
poppler_0.5.0.orig.tar.gz
  to pool/main/p/poppler/poppler_0.5.0.orig.tar.gz

More information about the dapper-changes mailing list