[ubuntu/karmic-security] xpdf, xpdf (delayed) 3.02-1.4ubuntu2.9.10.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Tue Oct 5 17:03:46 BST 2010
- Previous message: [ubuntu/karmic-security] mistelix_0.30-0ubuntu1.1_armel_translations.tar.gz, mistelix_0.30-0ubuntu1.1_sparc_translations.tar.gz (delayed), mistelix_0.30-0ubuntu1.1_i386_translations.tar.gz, mistelix_0.30-0ubuntu1.1_amd64_translations.tar.gz, mistelix_0.30-0ubuntu1.1_lpia_translations.tar.gz, mistelix_0.30-0ubuntu1.1_powerpc_translations.tar.gz, mistelix_0.30-0ubuntu1.1_ia64_translations.tar.gz, mistelix 0.30-0ubuntu1.1 (Accepted)
- Next message: [ubuntu/karmic-security] lvm2_2.02.39-0ubuntu11.1_ia64_translations.tar.gz, lvm2_2.02.39-0ubuntu11.1_powerpc_translations.tar.gz, lvm2, lvm2_2.02.39-0ubuntu11.1_amd64_translations.tar.gz, lvm2_2.02.39-0ubuntu11.1_lpia_translations.tar.gz, lvm2_2.02.39-0ubuntu11.1_armel_translations.tar.gz, lvm2_2.02.39-0ubuntu11.1_sparc_translations.tar.gz (delayed), lvm2_2.02.39-0ubuntu11.1_i386_translations.tar.gz 2.02.39-0ubuntu11.1 (Accepted)
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
xpdf (3.02-1.4ubuntu2.9.10.1) karmic-security; urgency=low
[ Nicolas Valcárcel Scerpella ]
* SECURITY UPDATE: Integer overflow in SplashBitmap::SplashBitmap which might allow remote
attackers to execute arbitrary code or an application crash via a crafted
PDF document.
- fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
- CVE-2009-1188 and CVE-2009-3603
* SECURITY UPDATE: NULL pointer dereference or heap-based buffer overflow in
Splash::drawImage which might allow remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
crafted PDF document.
- fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
- CVE-2009-3604
* SECURITY UPDATE: Integer overflow in the PSOutputDev::doImageL1Sep which might allow
remote attackers to execute arbitrary code via a crafted PDF document.
- fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
- CVE-2009-3606
* SECURITY UPDATE: Integer overflow in the ObjectStream::ObjectStream which might allow
remote attackers to execute arbitrary code via a crafted PDF document.
- fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
- CVE-2009-3608
* SECURITY UPDATE: Integer overflow in the ImageStream::ImageStream which might allow
remote attackers to cause a denial of service via a crafted PDF
document.
- fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
- CVE-2009-3609
* SECURITY UPDATE: Multiple buffer overflows in the JBIG2 decoder in Xpdf
3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
remote attackers to cause a denial of service (crash) via a crafted PDF
file, related to (1) JBIG2SymbolDict::setBitmap and (2)
JBIG2Stream::readSymbolDictSeg.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-0146
* SECURITY UPDATE: Multiple integer overflows in the JBIG2 decoder in Xpdf
3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
remote attackers to cause a denial of service (crash) via a crafted PDF
file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-0147
* SECURITY UPDATE: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, as used in Poppler and other products, when running on Mac OS X,
has unspecified impact, related to "g*allocn."
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-0165
* SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, and other products allows remote attackers to cause a denial
of service (crash) via a crafted PDF file that triggers a free of
uninitialized memory.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-0166
* SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
that triggers an out-of-bounds read.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-0799
* SECURITY UPDATE: Multiple "input validation flaws" in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,
and other products allow remote attackers to execute arbitrary code via
a crafted PDF file.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-0800
* SECURITY UPDATE: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
allows remote attackers to execute arbitrary code via a crafted PDF file.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-1179
* SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, Poppler before 0.10.6, and other products allows remote
attackers to execute arbitrary code via a crafted PDF file that triggers
a free of invalid data.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-1180
* SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (crash) via a crafted PDF file that
triggers a NULL pointer dereference.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-1181
* SECURITY UPDATE: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf
3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
other products allow remote attackers to execute arbitrary code via a
crafted PDF file.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-1182
* SECURITY UPDATE: The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS
1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (infinite loop and hang) via a
crafted PDF file.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-1183
[ Jamie Strandboge ]
* debian/patches/00list: don't apply 41_lesstif_cpp.dpatch, no longer needed
on Karmic
Date: Mon, 04 Oct 2010 15:07:39 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/xpdf/3.02-1.4ubuntu2.9.10.1
-------------- next part --------------
Format: 1.8
Date: Mon, 04 Oct 2010 15:07:39 -0500
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: source
Version: 3.02-1.4ubuntu2.9.10.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
xpdf - Portable Document Format (PDF) suite
xpdf-common - Portable Document Format (PDF) suite -- common files
xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
xpdf-utils - Portable Document Format (PDF) suite -- utilities
Changes:
xpdf (3.02-1.4ubuntu2.9.10.1) karmic-security; urgency=low
.
[ Nicolas Valcárcel Scerpella ]
* SECURITY UPDATE: Integer overflow in SplashBitmap::SplashBitmap which might allow remote
attackers to execute arbitrary code or an application crash via a crafted
PDF document.
- fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
- CVE-2009-1188 and CVE-2009-3603
* SECURITY UPDATE: NULL pointer dereference or heap-based buffer overflow in
Splash::drawImage which might allow remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
crafted PDF document.
- fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
- CVE-2009-3604
* SECURITY UPDATE: Integer overflow in the PSOutputDev::doImageL1Sep which might allow
remote attackers to execute arbitrary code via a crafted PDF document.
- fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
- CVE-2009-3606
* SECURITY UPDATE: Integer overflow in the ObjectStream::ObjectStream which might allow
remote attackers to execute arbitrary code via a crafted PDF document.
- fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
- CVE-2009-3608
* SECURITY UPDATE: Integer overflow in the ImageStream::ImageStream which might allow
remote attackers to cause a denial of service via a crafted PDF
document.
- fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported from debian
- CVE-2009-3609
* SECURITY UPDATE: Multiple buffer overflows in the JBIG2 decoder in Xpdf
3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
remote attackers to cause a denial of service (crash) via a crafted PDF
file, related to (1) JBIG2SymbolDict::setBitmap and (2)
JBIG2Stream::readSymbolDictSeg.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-0146
* SECURITY UPDATE: Multiple integer overflows in the JBIG2 decoder in Xpdf
3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
remote attackers to cause a denial of service (crash) via a crafted PDF
file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-0147
* SECURITY UPDATE: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, as used in Poppler and other products, when running on Mac OS X,
has unspecified impact, related to "g*allocn."
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-0165
* SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, and other products allows remote attackers to cause a denial
of service (crash) via a crafted PDF file that triggers a free of
uninitialized memory.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-0166
* SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
that triggers an out-of-bounds read.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-0799
* SECURITY UPDATE: Multiple "input validation flaws" in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,
and other products allow remote attackers to execute arbitrary code via
a crafted PDF file.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-0800
* SECURITY UPDATE: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
allows remote attackers to execute arbitrary code via a crafted PDF file.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-1179
* SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, Poppler before 0.10.6, and other products allows remote
attackers to execute arbitrary code via a crafted PDF file that triggers
a free of invalid data.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-1180
* SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (crash) via a crafted PDF file that
triggers a NULL pointer dereference.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-1181
* SECURITY UPDATE: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf
3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
other products allow remote attackers to execute arbitrary code via a
crafted PDF file.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-1182
* SECURITY UPDATE: The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS
1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (infinite loop and hang) via a
crafted PDF file.
- fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch backported from debian
- CVE-2009-1183
.
[ Jamie Strandboge ]
* debian/patches/00list: don't apply 41_lesstif_cpp.dpatch, no longer needed
on Karmic
Checksums-Sha1:
e773a12d4e5787d6c664af3530966323382ea7ef 2030 xpdf_3.02-1.4ubuntu2.9.10.1.dsc
b960584e44d38659c074fc51a0386fbbb9e6f893 46802 xpdf_3.02-1.4ubuntu2.9.10.1.diff.gz
Checksums-Sha256:
5c495a12108373ee82a04dcf0d68049cdf4993ff905a0fbf91613826457db351 2030 xpdf_3.02-1.4ubuntu2.9.10.1.dsc
486608d4ae0787d6f8c06dfb063ebe68e12263f862faef0a08f623b6914a31e1 46802 xpdf_3.02-1.4ubuntu2.9.10.1.diff.gz
Files:
66a840ebb6ef8abd162476c1d4caa1a4 2030 text optional xpdf_3.02-1.4ubuntu2.9.10.1.dsc
3b111fa4e8d92f20f7bf8e09ccb5a645 46802 text optional xpdf_3.02-1.4ubuntu2.9.10.1.diff.gz
Original-Maintainer: Hamish Moffatt <hamish at debian.org>
- Previous message: [ubuntu/karmic-security] mistelix_0.30-0ubuntu1.1_armel_translations.tar.gz, mistelix_0.30-0ubuntu1.1_sparc_translations.tar.gz (delayed), mistelix_0.30-0ubuntu1.1_i386_translations.tar.gz, mistelix_0.30-0ubuntu1.1_amd64_translations.tar.gz, mistelix_0.30-0ubuntu1.1_lpia_translations.tar.gz, mistelix_0.30-0ubuntu1.1_powerpc_translations.tar.gz, mistelix_0.30-0ubuntu1.1_ia64_translations.tar.gz, mistelix 0.30-0ubuntu1.1 (Accepted)
- Next message: [ubuntu/karmic-security] lvm2_2.02.39-0ubuntu11.1_ia64_translations.tar.gz, lvm2_2.02.39-0ubuntu11.1_powerpc_translations.tar.gz, lvm2, lvm2_2.02.39-0ubuntu11.1_amd64_translations.tar.gz, lvm2_2.02.39-0ubuntu11.1_lpia_translations.tar.gz, lvm2_2.02.39-0ubuntu11.1_armel_translations.tar.gz, lvm2_2.02.39-0ubuntu11.1_sparc_translations.tar.gz (delayed), lvm2_2.02.39-0ubuntu11.1_i386_translations.tar.gz 2.02.39-0ubuntu11.1 (Accepted)
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Karmic-changes
mailing list