-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 Dec 2017 07:34:06 +0100 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: armel Version: 0.26.5-2+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: armel Build Daemon (hartmann) Changed-By: Santiago R.R. Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Changes: poppler (0.26.5-2+deb8u2) jessie-security; urgency=medium . * Fix CVE-2017-9406: a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. * Fix CVE-2017-9408: memory leak in the function Object::initArray in Object.cc that allows attackers to cause a DoS via a crafted file. * Fix CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo that allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. * Fix CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. * Fix CVE-2017-9865: The function GfxImageColorMap::getGray in GfxState.cc allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document * Fix CVE-2017-14517: NULL pointer dereference vulnerability in the XRef::parseEntry() function in XRef.cc * Fix CVE-2017-14518: Floating point exception in the isImageInterpolationRequired() function in Splash.cc * Fix CVE-2017-14519: A memory corruption may occur in a call to Object::streamGetChar * Fix CVE-2017-14520: Floating point exception in Splash::scaleImageYuXd() * Fix CVE-2017-14617: Floating point exception in the ImageStream class in Stream.cc * Fix CVE-2017-14975: NULL pointer dereference vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14976: Heap-based buffer over-read vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14977: NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock function in FoFiTrueType.cc * Fix CVE-2017-15565: NULL Pointer Dereference in the GfxImageColorMap::getGrayLine() function in GfxState.cc Checksums-Sha1: 751dafad4b4899228dc83001dac4f8f780a579cd 1121200 libpoppler46_0.26.5-2+deb8u2_armel.deb 62a73404278726e5a9ece427eaea21d00337b0ec 707298 libpoppler-dev_0.26.5-2+deb8u2_armel.deb 8935dc14af803df974f9977393918a0d26c21611 179000 libpoppler-private-dev_0.26.5-2+deb8u2_armel.deb c315f429b154a2dc70111943823a31b724ff1f13 107166 libpoppler-glib8_0.26.5-2+deb8u2_armel.deb 6a177cad84c9c7a5b30b8a734b7d1c6bebcbd5ca 154382 libpoppler-glib-dev_0.26.5-2+deb8u2_armel.deb 41f6a737578dc0d244e97e93178050ecf6a9c433 33582 gir1.2-poppler-0.18_0.26.5-2+deb8u2_armel.deb 3a181364d07743ea9239049b2f70eeec2dafbba2 114646 libpoppler-qt4-4_0.26.5-2+deb8u2_armel.deb 52c4f8a8efd0e56b287e98107e613e75519ffdb1 152540 libpoppler-qt4-dev_0.26.5-2+deb8u2_armel.deb 0b5e0c6a843130cd376795248ba7868baacee583 114896 libpoppler-qt5-1_0.26.5-2+deb8u2_armel.deb b3a5a60942147529f3df22344a2ff17e0c929c64 153392 libpoppler-qt5-dev_0.26.5-2+deb8u2_armel.deb f0fde56d920e0d65c32e755aa5fada8e015d5c3a 40112 libpoppler-cpp0_0.26.5-2+deb8u2_armel.deb feb3d383880d0d7c617117bf61e43222bd9431e7 45734 libpoppler-cpp-dev_0.26.5-2+deb8u2_armel.deb 97c13ccca6bd1a3781f38fb1a97a98c5fd2a8739 125700 poppler-utils_0.26.5-2+deb8u2_armel.deb 0e8fdfccb8fe1700011cba82cb3f5eaf8614ec24 7788886 poppler-dbg_0.26.5-2+deb8u2_armel.deb Checksums-Sha256: f9ab3ff8e530cdf03ad392a6eb79953772c21b019b335a14f49b0fa1ade02707 1121200 libpoppler46_0.26.5-2+deb8u2_armel.deb 8dc4e078b356b84dc6e3f9937578c19b0fa209fe0d582f3eee90bd231e7f2538 707298 libpoppler-dev_0.26.5-2+deb8u2_armel.deb 1ec735bc94c87590d2edb9b391c6b9114deadbb178ba86f301048546e0c5f6aa 179000 libpoppler-private-dev_0.26.5-2+deb8u2_armel.deb fcc3472a3fc1c5d1134ffc681d0cd31eab71ee8e2c615bba0c30d04f39b6d3f3 107166 libpoppler-glib8_0.26.5-2+deb8u2_armel.deb 1801bc5637c96d979d20d214e258d33b8ccb1701fdfc4b201e190edd377f803a 154382 libpoppler-glib-dev_0.26.5-2+deb8u2_armel.deb 7a7918c38dbc7606f674c860bda774296d9bbd21d4fc048e1e94696fa8ec6ba1 33582 gir1.2-poppler-0.18_0.26.5-2+deb8u2_armel.deb 4b91fab232a96f773213fe9189494a1ba83e2bfb04635e67b3ebcffca1c84cd8 114646 libpoppler-qt4-4_0.26.5-2+deb8u2_armel.deb af35149000e7f49b5f588b263135b654ce03e0af538f45f895b2437527f0c90c 152540 libpoppler-qt4-dev_0.26.5-2+deb8u2_armel.deb eb75af1fa3389ac05b6b253de03fcef54be23cb936e8088332718507cd62646c 114896 libpoppler-qt5-1_0.26.5-2+deb8u2_armel.deb 350ecc15273f2a78301d33d9fdbb5c2ec3fa4443fc0afb491258d53b24937198 153392 libpoppler-qt5-dev_0.26.5-2+deb8u2_armel.deb 7271a63c8fe00e9051f0ad6b9a88acc078cef0b5e939a2505bf21ffb07850040 40112 libpoppler-cpp0_0.26.5-2+deb8u2_armel.deb 38ead7e96122120ea12bf8c0be068a6091bde25d9af8fc0a5b12c8b80fc1b5e4 45734 libpoppler-cpp-dev_0.26.5-2+deb8u2_armel.deb a2d9204e2c24b8d692b101ad0ec6dffbf8c800ae5ea5856a91f6d917f2d891f8 125700 poppler-utils_0.26.5-2+deb8u2_armel.deb fbf80fc18f2d985589a48fb261a47e5cb43ad277b53424c03e008243d74a87f5 7788886 poppler-dbg_0.26.5-2+deb8u2_armel.deb Files: 61b3c0c8ef64bbfea0e151b2f331943e 1121200 libs optional libpoppler46_0.26.5-2+deb8u2_armel.deb 8ec4eaff5ae10891f36d127b76102717 707298 libdevel optional libpoppler-dev_0.26.5-2+deb8u2_armel.deb e3c287985284f69f7cdffd84046b6eec 179000 libdevel optional libpoppler-private-dev_0.26.5-2+deb8u2_armel.deb 322a34c2c211b620b81c80b6d2bd0466 107166 libs optional libpoppler-glib8_0.26.5-2+deb8u2_armel.deb a62f8b73e94f16cad173cfe25f663285 154382 libdevel optional libpoppler-glib-dev_0.26.5-2+deb8u2_armel.deb 0eddd62f6d73e5efb73054feaa922cf9 33582 introspection optional gir1.2-poppler-0.18_0.26.5-2+deb8u2_armel.deb 2fb10d5a8af36beed1ad8f344e2812b9 114646 libs optional libpoppler-qt4-4_0.26.5-2+deb8u2_armel.deb baab6fdb669b05f52461b05c08b99a91 152540 libdevel optional libpoppler-qt4-dev_0.26.5-2+deb8u2_armel.deb 007155d86605769bd6de076d83dce1a6 114896 libs optional libpoppler-qt5-1_0.26.5-2+deb8u2_armel.deb 88be567185ae618b3a7c63f8910793f5 153392 libdevel optional libpoppler-qt5-dev_0.26.5-2+deb8u2_armel.deb d227454f8afb6f87f0b35047ba52a7fd 40112 libs optional libpoppler-cpp0_0.26.5-2+deb8u2_armel.deb 9c0228ff26ee06536f8b0f91f71e6498 45734 libdevel optional libpoppler-cpp-dev_0.26.5-2+deb8u2_armel.deb d4bde08501b51a267bdf767568741f6e 125700 utils optional poppler-utils_0.26.5-2+deb8u2_armel.deb 15e27dcc48e7f1f338b845f382eceb3a 7788886 debug extra poppler-dbg_0.26.5-2+deb8u2_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtb+/4BhPp9FxQ/bCmxN214iLNGoFAlpJLcMACgkQmxN214iL NGoMGw/+PzoDeC+13DrDQ1LFsGeOMbdH55gCQltBppF7dPd3K+bNf6ZRLQBzDvbw mE7RcYNfkJMvwSCezp6n03W40lBuYy1sSh32gxOXHm9jy8+1w/H8kab+wb7ZBaDV oiBoaB3BVf8nPKY1y9kvXQ/1+vmjYw4A1m1Z5enEyRgjv3JqdXdc3arGUei/TqvW fcYbSxiYN2AS20zUpvYYlinXWusLrIGKLq8DUzPOqOM8sSS/+L9y6SMj2BU7y9vl LzF+9NC6OyTnVZWAKi4P57sWETNlBwlxQTaPxRRxQlc8l41Z3eyJSpNSEuCwD/vP uXCPZp/FCusMvgFcbKoq/KH8Jw9cA37KveQaKhtmymPoUrNkiIbtvfPchcXLpCQG 0ATbLdQlY6uS040NejMiWUg/dVvL1Ruq2vVTogxaZpAkLjn/9WlY12cPVW58v5Yp zenLY6Z4XUkiijluHPczh28qsECd0RQr02r78WhH2s2ghS2avEMrLVuEVtJziwZy NV6lE2agIvQXTvGVaPE0zh03j5FT20uPMVNUmJE65NccIjV3RGg9KwXBLwH4+XT7 8JiMu2edVQPGPtvS4nNQWegjzQCu3MZeTnxMPpHVrMtoQ1cHRbuixYRPsbZjB2sl XJfhnkkUQ7s2uXB4ATQ25AuwThPt5TwxucsC5FFpd/w1Klx4Rfs= =WUc9 -----END PGP SIGNATURE-----