[ubuntu/disco-proposed] poppler 0.71.0-2ubuntu3 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Mon Jan 28 14:48:13 UTC 2019
poppler (0.71.0-2ubuntu3) disco; urgency=medium

  * SECURITY UPDATE: infinite recursion via crafted file
    - debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in
      poppler/Parser.cc, poppler/XRef.h. This patch also includes the
      regression fix in check entry.
    - CVE-2018-16646
  * SECURITY UPDATE: denial of service via reachable abort
    - debian/patches/CVE-2018-19058.patch: check for stream before calling
      stream methods when saving an embedded file in poppler/FileSpec.cc.
    - CVE-2018-19058
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - debian/patches/CVE-2018-19059.patch: check for valid embedded file
      before trying to save it in utils/pdfdetach.cc.
    - CVE-2018-19059
  * SECURITY UPDATE: denial of service via NULL pointer dereference
    - debian/patches/CVE-2018-19060.patch: check for valid file name of
      embedded file in utils/pdfdetach.cc.
    - CVE-2018-19060

Date: Mon, 28 Jan 2019 09:58:13 -0300
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/poppler/0.71.0-2ubuntu3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 28 Jan 2019 09:58:13 -0300
Source: poppler
Binary: libpoppler82 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0v5 libpoppler-cpp-dev poppler-utils
Architecture: source
Version: 0.71.0-2ubuntu3
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas S. Barbosa <leo.barbosa at canonical.com>
Description:
gir1.2-poppler-0.18 - GObject introspection data for poppler-glib
libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface)
libpoppler-cpp0v5 - PDF rendering library (CPP shared library)
libpoppler-dev - PDF rendering library -- development files
libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface
libpoppler-glib8 - PDF rendering library (GLib-based shared library)
libpoppler-private-dev - PDF rendering library -- private development files
libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library)
libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface)
libpoppler82 - PDF rendering library
poppler-utils - PDF utilities (based on Poppler)
Original-Maintainer: Debian freedesktop.org maintainers <pkg-freedesktop-maintainers at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----