-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 Dec 2017 07:34:06 +0100 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: arm64 Version: 0.26.5-2+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: arm Build Daemon (arm-arm-01) Changed-By: Santiago R.R. Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Changes: poppler (0.26.5-2+deb8u2) jessie-security; urgency=medium . * Fix CVE-2017-9406: a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. * Fix CVE-2017-9408: memory leak in the function Object::initArray in Object.cc that allows attackers to cause a DoS via a crafted file. * Fix CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo that allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. * Fix CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. * Fix CVE-2017-9865: The function GfxImageColorMap::getGray in GfxState.cc allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document * Fix CVE-2017-14517: NULL pointer dereference vulnerability in the XRef::parseEntry() function in XRef.cc * Fix CVE-2017-14518: Floating point exception in the isImageInterpolationRequired() function in Splash.cc * Fix CVE-2017-14519: A memory corruption may occur in a call to Object::streamGetChar * Fix CVE-2017-14520: Floating point exception in Splash::scaleImageYuXd() * Fix CVE-2017-14617: Floating point exception in the ImageStream class in Stream.cc * Fix CVE-2017-14975: NULL pointer dereference vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14976: Heap-based buffer over-read vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14977: NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock function in FoFiTrueType.cc * Fix CVE-2017-15565: NULL Pointer Dereference in the GfxImageColorMap::getGrayLine() function in GfxState.cc Checksums-Sha1: 12c1936051e2f337d4d76864d3cbc9cf33a41cd9 1089710 libpoppler46_0.26.5-2+deb8u2_arm64.deb 65f9648de3e291fc1c84bd251fc6e6b559d001aa 666804 libpoppler-dev_0.26.5-2+deb8u2_arm64.deb bfaa5911d1b0eee5a458e5d192ab4ef176c27ca3 178928 libpoppler-private-dev_0.26.5-2+deb8u2_arm64.deb 5ba3b38509ba01e4d2690e80029e3610a7896cb4 101786 libpoppler-glib8_0.26.5-2+deb8u2_arm64.deb e439574958c5197737c346d2e52cc37b65556bfb 149722 libpoppler-glib-dev_0.26.5-2+deb8u2_arm64.deb 4e4ab88dd656bb7da6bd8bd9cda15ef59fe7f7ad 33568 gir1.2-poppler-0.18_0.26.5-2+deb8u2_arm64.deb 211c2c7cea5fafd73f2e45c2afa96ae2830b52c8 109598 libpoppler-qt4-4_0.26.5-2+deb8u2_arm64.deb ba8335974d4d385c6de6f4969abad70d044c4193 146414 libpoppler-qt4-dev_0.26.5-2+deb8u2_arm64.deb 3598a7f62e32b21ed12e377253986e79364a851d 112156 libpoppler-qt5-1_0.26.5-2+deb8u2_arm64.deb accaf5f91e1ba7f6e2476085999cde9f204dad0f 150932 libpoppler-qt5-dev_0.26.5-2+deb8u2_arm64.deb d5d50bcbef522eb1b4137b408d7415e3b1ba0afb 39748 libpoppler-cpp0_0.26.5-2+deb8u2_arm64.deb ec915c6c0db0f98d9a6a7b37efc995301d437046 45346 libpoppler-cpp-dev_0.26.5-2+deb8u2_arm64.deb b8b870325384cbd4614636db141c8a9ea5610d9e 121992 poppler-utils_0.26.5-2+deb8u2_arm64.deb b2602938ba62ede85e11d6a2fda706556cded540 7902878 poppler-dbg_0.26.5-2+deb8u2_arm64.deb Checksums-Sha256: 789871e4c4fa8b3dd8a768b916dc7ac3270b761bc5be875db3156d70cfa34c35 1089710 libpoppler46_0.26.5-2+deb8u2_arm64.deb aad55d795cb3c823182785835fed3fd906ac3cf513866a11df6a211ecce52d31 666804 libpoppler-dev_0.26.5-2+deb8u2_arm64.deb a723c2fcb99a9db894a03d06fc7a22d83a6d17a234fafd76fcbe2f8e66eb7f47 178928 libpoppler-private-dev_0.26.5-2+deb8u2_arm64.deb bed44d10affb0e4ba85b940c0f6df63874429b3daa74503efdbf66e1d7da91ea 101786 libpoppler-glib8_0.26.5-2+deb8u2_arm64.deb d4849b2941e779ed01c773d5c8f99205081ef043f18930457dd270498f120c11 149722 libpoppler-glib-dev_0.26.5-2+deb8u2_arm64.deb a0d42cfcd66f7e169841b800d8c92383013ed8571f4ed5f44d45cdc410fb09d9 33568 gir1.2-poppler-0.18_0.26.5-2+deb8u2_arm64.deb b7b6ec2b83904b370ea8017e2e36e5a39685ede3abe7ebf53adb42c3be0dc5ed 109598 libpoppler-qt4-4_0.26.5-2+deb8u2_arm64.deb 8838f9442d8808859a93ab7155d121c1f5f91d5177cc72afb58b722e5d57d9a4 146414 libpoppler-qt4-dev_0.26.5-2+deb8u2_arm64.deb bb69bc50122339dc5e212b9d512d10f0575134c71848e881af489da1af463aab 112156 libpoppler-qt5-1_0.26.5-2+deb8u2_arm64.deb fcee91bb11034b283103cc3c6cbc1bfb866e3c26bc348b29a3947294245f932d 150932 libpoppler-qt5-dev_0.26.5-2+deb8u2_arm64.deb 00bd03757899c5186efbbe47bd929a299f9d6d84922207504923ae09a3d88684 39748 libpoppler-cpp0_0.26.5-2+deb8u2_arm64.deb 192c279bf6dd50185afed81d3a2c96729f5b45923c61acdce40a7564918d3d81 45346 libpoppler-cpp-dev_0.26.5-2+deb8u2_arm64.deb f61f70517fabd0588ffd23f111b4a63a0302055a9fd72d751b0f50a4de4a4c7d 121992 poppler-utils_0.26.5-2+deb8u2_arm64.deb 756300d91a20eb1c62357f6f60939d5e20369c90d59b377bbcd54f81c4412a62 7902878 poppler-dbg_0.26.5-2+deb8u2_arm64.deb Files: 0588c4846c08717e15b5fc45cfcbea0c 1089710 libs optional libpoppler46_0.26.5-2+deb8u2_arm64.deb 5ac20533a93b8e0404eadad43f26bada 666804 libdevel optional libpoppler-dev_0.26.5-2+deb8u2_arm64.deb b93cdcac392f1cc976b1a3ba9550bf76 178928 libdevel optional libpoppler-private-dev_0.26.5-2+deb8u2_arm64.deb 497f75135349cffc97c5680b06fc97bd 101786 libs optional libpoppler-glib8_0.26.5-2+deb8u2_arm64.deb f3792f4d05a6a164803f40042bbf9245 149722 libdevel optional libpoppler-glib-dev_0.26.5-2+deb8u2_arm64.deb fd5e93dbd8b31b22a01b80b4e98c74eb 33568 introspection optional gir1.2-poppler-0.18_0.26.5-2+deb8u2_arm64.deb bb415db3e2301549f78affe954aa5787 109598 libs optional libpoppler-qt4-4_0.26.5-2+deb8u2_arm64.deb 058b76b2bb4e4ba2e9b9a9eeeac16d3a 146414 libdevel optional libpoppler-qt4-dev_0.26.5-2+deb8u2_arm64.deb dc096705aa50f3d0c4eb18e8fc1d4519 112156 libs optional libpoppler-qt5-1_0.26.5-2+deb8u2_arm64.deb 3e054e0ab1edf97530e99335f02dff61 150932 libdevel optional libpoppler-qt5-dev_0.26.5-2+deb8u2_arm64.deb 5aaa69fc44613fee7dff046fc70a1890 39748 libs optional libpoppler-cpp0_0.26.5-2+deb8u2_arm64.deb 0c55a65a930a0d3b1e22fe9e658b75ce 45346 libdevel optional libpoppler-cpp-dev_0.26.5-2+deb8u2_arm64.deb 8846e79f70ee2c48bfe8f45a9021540e 121992 utils optional poppler-utils_0.26.5-2+deb8u2_arm64.deb 67bfb247cb7bf992fd2d664b80770670 7902878 debug extra poppler-dbg_0.26.5-2+deb8u2_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfq0qnbN3i118dthDOdyAf5wesMkFAlpJKOcACgkQOdyAf5we sMm26BAAwzNEWbOvTWrQ4nvwaA1bFAQHkHsv1JS83MqamDex3wjNIgXYIc6c/hZ9 NtUwNIhmQtN+Zoxu0+oxV4VoanuvdP/mNMlKixCJo96EVE8qo2eIgdWmvRCFVcNo +hBGI1OFmNdYV4XXdnH3rYokRWEs2fV3LWuhTHIw4tBJAMrul9hqI6XdlM5lnUJd CYPijCGFzEksE7DJM69V7nkRZkineSuaQZ/80wD7s7muk4SAKh7XAGfoCADZPFsD cKVWuykJf8d9RDE8mlY7/RgEb3E3N3sqyhdgt4G/QMkQBuDASZUs86s/AOsJ/i/0 oetlb5OFr9PQHZHWe4UB80eUWpnU5IIomxhoGIJfKpl6qUx3mu+rl9tReOa2ZpY3 sRzzSr2/s5byeHxCt84rJ2EwzPQiaomxBXldNv+b+klAW7XhDtcLm2mFg0EkH6aY TC1PsKRqbie7jx4pOdq5rSJVKJ/cP+QQaKl0vP+R4h6SdmwsmXt57vLsBK+WupRy thexObD41aobetzaDMgI9yVED21QGWnlnamAWxiwSTqLWBtddfwkfwa27xTviLsM 8jED8RZQicRiGBPuyDhhE3vDupHEFEqlYSl7xN7M71KcCsMePf+LUpnLZSUXqR1G Div+sfG8BxzMi/QDQ7xHzV3w1m9v6tf3m46aVyqcyoCqRa9J9Rw= =pEKG -----END PGP SIGNATURE-----