[ubuntu/xenial-security] poppler 0.41.0-0ubuntu1.4 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Fri Oct 6 14:54:15 UTC 2017


poppler (0.41.0-0ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Floating point exception
    - debian/patches/CVE-2017-14518.patch: Fix divide by 0 on broken
      documents in splash/Splash.cc.
    - CVE-2017-14518
  * SECURITY UPDATE: Floating point exception
    - debian/patches/CVE-2017-14520.patch: don't try to scale if srcHeight or
      srcWidth is less than 1 in splash/Splash.cc.
    - CVE-2017-14520
  * SECURITY UPDATE: Floating point exception in ImageStream
    - debian/patches/CVE-2017-14617.patch: Fix crash in broken files in
      poppler/Stream.cc.
    - CVE-2017-14617
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2017-14926.patch: Fix crash on broken files
      in poppler/Annot.cc.
    - CVE-2017-14926
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2017-14928.patch: Fix crash broken files
      in poppler/Annot.cc.
    - CVE-2017-14928
  * SECURITY UPDATE: Memory corruption
    - debian/patches/CVE-2017-14929.patch: Fix infinite recursion
      in poppler/Gfx.cc, poppler/GfxState.cc, poppler/GfxState.h.
    - CVE-2017-14929
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2017-14975.patch: fix crash in convertToType0 in
      fofi/FoFiType1C.cc.
    - CVE-2017-14975
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2017-14977.patch: fix NULL deference pointer in
      fofi/FoFiTrueType.cc.
    - CVE-2017-14977
  * SECURITY UPDATE: Integer overflow and heap overflow
    - debian/patches/CVE-2017-9776.patch: fix malformed documents
      in poppler/JBIG2Stream.cc.
    - CVE-2017-9776

Date: 2017-10-04 15:39:39.777156+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list