[ubuntu/xenial-updates] poppler 0.41.0-0ubuntu1.14 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jun 27 14:28:22 UTC 2019 

poppler (0.41.0-0ubuntu1.14) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS in GfxImageColorMap::getGray
    - debian/patches/CVE-2017-9865.patch: clear buffers in
      utils/HtmlOutputDev.cc, utils/ImageOutputDev.cc.
    - CVE-2017-9865
  * SECURITY UPDATE: memory leak in GfxColorSpace::setDisplayProfile
    - debian/patches/CVE-2018-18897.patch: enforcing single initialization
      in poppler/GfxState.cc, qt5/src/poppler-qt5.h.
    - CVE-2018-18897
  * SECURITY UPDATE: DoS via crafted PDF file
    - debian/patches/CVE-2018-20662.patch: check XRef's Catalog for being a
      Dict in utils/pdfunite.cc.
    - CVE-2018-20662
  * SECURITY UPDATE: buffer over-read in downsample_row_box_filter
    - debian/patches/CVE-2019-9631-1.patch: compute correct coverage values
      for box filter in poppler/CairoRescaleBox.cc.
    - debian/patches/CVE-2019-9631-2.patch: constrain number of cycles in
      rescale filter in poppler/CairoRescaleBox.cc.
    - CVE-2019-9631
  * SECURITY UPDATE: dict marking mishandling
    - debian/patches/CVE-2019-9903.patch: fix stack overflow on broken file
      in poppler/PDFDoc.cc.
    - CVE-2019-9903
  * SECURITY UPDATE: DoS via FPE
    - debian/patches/CVE-2019-10018-10023.patch: check for zero in
      poppler/Function.cc.
    - CVE-2019-10018
    - CVE-2019-10023
  * SECURITY UPDATE: DoS via FPE
    - debian/patches/CVE-2019-10019.patch: check nStripes in
      poppler/PSOutputDev.cc.
    - CVE-2019-10019
  * SECURITY UPDATE: DoS via FPE
    - debian/patches/CVE-2019-10021.patch: check nBits in
      poppler/Stream.cc.
    - CVE-2019-10021
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-10872.patch: restrict filling of overlapping
      boxes in splash/Splash.cc.
    - CVE-2019-10872
  * SECURITY UPDATE: buffer over-read in JPXStream::init
    - debian/patches/CVE-2019-12293.patch: fail gracefully if not all
      components have the same WxH in poppler/JPEG2000Stream.cc.
    - CVE-2019-12293

Date: 2019-06-26 17:55:51.598133+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.14
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list