[ubuntu/xenial-updates] poppler 0.41.0-0ubuntu1.15 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Nov 25 18:58:19 UTC 2020
poppler (0.41.0-0ubuntu1.15) xenial-security; urgency=medium
* SECURITY UPDATE: integer overflow in Parser::makeStream
- debian/patches/CVE-2018-21009.patch: check for overflow in
poppler/Parser.cc.
- CVE-2018-21009
* SECURITY UPDATE: buffer overread in PSOutputDev::checkPageSlice
- debian/rules: build with --enable-cmyk.
- debian/patches/CVE-2019-10871-fix.patch: fix wrong width condition in
splash/SplashBitmap.cc.
- debian/patches/CVE-2019-10871-fix2.patch: add missing
splashModeDeviceN8 in two switch statements in
poppler/SplashOutputDev.cc.
- CVE-2019-10871
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-13283.patch: fix invalid memory access in
fofi/FoFiType1.cc.
- CVE-2019-13283
* SECURITY UPDATE: integer overflow leading to large memory allocation
- debian/patches/CVE-2019-9959.patch: ignore dict Length if clearly
broken in poppler/JPEG2000Stream.cc.
- CVE-2019-9959
* SECURITY UPDATE: DoS via buffer overflow in pdftohtml
- debian/patches/CVE-2020-27778.patch: properly initialize
HtmlOutputDev::page in utils/HtmlOutputDev.cc.
- CVE-2020-27778
Date: 2020-11-25 14:31:04.824708+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.15
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list