[ubuntu/jaunty-security] xpdf, xpdf (delayed) 3.02-1.4ubuntu2.9.04.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Mon May 17 18:03:17 BST 2010
xpdf (3.02-1.4ubuntu2.9.04.1) jaunty-security; urgency=low

  * SECURITY UPDATE: Integer overflow in SplashBitmap::SplashBitmap which might allow remote
    attackers to execute arbitrary code or cause an application crash via a crafted
    PDF document.
    - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from Debian
    - CVE-2009-1188 and CVE-2009-3603
  * SECURITY UPDATE: NULL pointer dereference or heap-based buffer overflow in
    Splash::drawImage which might allow remote attackers to cause a denial of
    service (application crash) or possibly execute arbitrary code via a
    crafted PDF document.
    - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from Debian
    - CVE-2009-3604
  * SECURITY UPDATE: Integer overflow in PSOutputDev::doImageL1Sep which might allow
    remote attackers to execute arbitrary code via a crafted PDF document.
    - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from Debian
    - CVE-2009-3606
  * SECURITY UPDATE: Integer overflow in ObjectStream::ObjectStream which might allow
    remote attackers to execute arbitrary code via a crafted PDF document.
    - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from Debian
    - CVE-2009-3608
  * SECURITY UPDATE: Integer overflow in ImageStream::ImageStream which might allow
    remote attackers to cause a denial of service via a crafted PDF
    document.
    - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from Debian
    - CVE-2009-3609
  * SECURITY UPDATE: Multiple buffer overflows in the JBIG2 decoder in Xpdf
    3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
    remote attackers to cause a denial of service (crash) via a crafted PDF
    file, related to (1) JBIG2SymbolDict::setBitmap and (2)
    JBIG2Stream::readSymbolDictSeg.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from Debian
    - CVE-2009-0146
  * SECURITY UPDATE: Multiple integer overflows in the JBIG2 decoder in Xpdf
    3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
    remote attackers to cause a denial of service (crash) via a crafted PDF
    file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
    JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from Debian
    - CVE-2009-0147
  * SECURITY UPDATE: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
    earlier, as used in Poppler and other products, when running on Mac OS X,
    has unspecified impact, related to "g*allocn."
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from Debian
    - CVE-2009-0165
  * SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, and other products allows remote attackers to cause a denial
    of service (crash) via a crafted PDF file that triggers a free of
    uninitialized memory.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from Debian
    - CVE-2009-0166
  * SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to cause a denial of service (crash) via a crafted PDF file
    that triggers an out-of-bounds read.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from Debian
    - CVE-2009-0799
  * SECURITY UPDATE: Multiple "input validation flaws" in the JBIG2 decoder in
    Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,
    and other products allow remote attackers to execute arbitrary code via
    a crafted PDF file.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from Debian
    - CVE-2009-0800
  * SECURITY UPDATE: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
    earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
    allows remote attackers to execute arbitrary code via a crafted PDF file.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from Debian
    - CVE-2009-1179
  * SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to execute arbitrary code via a crafted PDF file that triggers
    a free of invalid data.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from Debian
    - CVE-2009-1180
  * SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to cause a denial of service (crash) via a crafted PDF file that
    triggers a NULL pointer dereference.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from Debian
    - CVE-2009-1181
  * SECURITY UPDATE: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf
    3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
    other products allow remote attackers to execute arbitrary code via a
    crafted PDF file.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from Debian
    - CVE-2009-1182
  * SECURITY UPDATE: The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS
    1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to cause a denial of service (infinite loop and hang) via a
    crafted PDF file.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from Debian
    - CVE-2009-1183
Date: Sun, 16 May 2010 16:03:44 -0500
Changed-By: Nicolas Valcárcel Scerpella (Canonical) <nicolas.valcarcel at canonical.com>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/xpdf/3.02-1.4ubuntu2.9.04.1
-------------- next part --------------
Format: 1.8
Date: Sun, 16 May 2010 16:03:44 -0500
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: source
Version: 3.02-1.4ubuntu2.9.04.1
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Nicolas Valcárcel Scerpella (Canonical) <nicolas.valcarcel at canonical.com>
Description:
xpdf - Portable Document Format (PDF) suite
xpdf-common - Portable Document Format (PDF) suite -- common files
xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
xpdf-utils - Portable Document Format (PDF) suite -- utilities
Checksums-Sha1:
d24fefc643d740279f1c6be8d3eefbc193ec4180 1390 xpdf_3.02-1.4ubuntu2.9.04.1.dsc
8784ad176184c56b3908abd02d1e0d1c8db75a5c 46850 xpdf_3.02-1.4ubuntu2.9.04.1.diff.gz
Checksums-Sha256:
139451b2eaebd708054e92b907800514744f7810c64b2f0b9731d981ffb0c5d5 1390 xpdf_3.02-1.4ubuntu2.9.04.1.dsc
e2795906cc6fd2422ade98807aea10904d05dbf9d5a7594328ba276e84435d79 46850 xpdf_3.02-1.4ubuntu2.9.04.1.diff.gz
Files:
531697e10f47a9278e36a8a0bd9baaee 1390 text optional xpdf_3.02-1.4ubuntu2.9.04.1.dsc
10894806a9bcafc08ad8b7a8e7a50eb1 46850 text optional xpdf_3.02-1.4ubuntu2.9.04.1.diff.gz
Original-Maintainer: Hamish Moffatt <hamish at debian.org>