-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 Dec 2017 07:34:06 +0100 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: armhf Version: 0.26.5-2+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: armhf / armel Build Daemon (hoiby) Changed-By: Santiago R.R. Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Changes: poppler (0.26.5-2+deb8u2) jessie-security; urgency=medium . * Fix CVE-2017-9406: a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. * Fix CVE-2017-9408: memory leak in the function Object::initArray in Object.cc that allows attackers to cause a DoS via a crafted file. * Fix CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo that allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. * Fix CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. * Fix CVE-2017-9865: The function GfxImageColorMap::getGray in GfxState.cc allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document * Fix CVE-2017-14517: NULL pointer dereference vulnerability in the XRef::parseEntry() function in XRef.cc * Fix CVE-2017-14518: Floating point exception in the isImageInterpolationRequired() function in Splash.cc * Fix CVE-2017-14519: A memory corruption may occur in a call to Object::streamGetChar * Fix CVE-2017-14520: Floating point exception in Splash::scaleImageYuXd() * Fix CVE-2017-14617: Floating point exception in the ImageStream class in Stream.cc * Fix CVE-2017-14975: NULL pointer dereference vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14976: Heap-based buffer over-read vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14977: NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock function in FoFiTrueType.cc * Fix CVE-2017-15565: NULL Pointer Dereference in the GfxImageColorMap::getGrayLine() function in GfxState.cc Checksums-Sha1: a071c2374a6d47aee834c3c39ee91b05f51e6460 1110134 libpoppler46_0.26.5-2+deb8u2_armhf.deb f11c2c417456cc93b0e468805840dee370aedb27 678920 libpoppler-dev_0.26.5-2+deb8u2_armhf.deb 77e47ca2d55d3c19866229eaec46869dec79f618 178856 libpoppler-private-dev_0.26.5-2+deb8u2_armhf.deb 0b1d39c309029fbb791cce80adca3a6287f733d7 106230 libpoppler-glib8_0.26.5-2+deb8u2_armhf.deb b00d2fc1642ff6cfe3702491085c63d685314ffc 149840 libpoppler-glib-dev_0.26.5-2+deb8u2_armhf.deb b80a2815129a4b926b3d95272653c5b09d7d2543 33538 gir1.2-poppler-0.18_0.26.5-2+deb8u2_armhf.deb 7cc6450fe3f31062d5f804217f0505d8f35ae0cb 111660 libpoppler-qt4-4_0.26.5-2+deb8u2_armhf.deb 6fe22a9af03ccca6a6b29f6f44bf1f28dadd9718 144536 libpoppler-qt4-dev_0.26.5-2+deb8u2_armhf.deb d3a51ab4d600ddab9846eff6f892c751b20e0b85 115108 libpoppler-qt5-1_0.26.5-2+deb8u2_armhf.deb f1e6caa3ba55187085e6697f7ad4fdee500c624a 149300 libpoppler-qt5-dev_0.26.5-2+deb8u2_armhf.deb 75573819224a3efb298a1912531f1e561c918061 39456 libpoppler-cpp0_0.26.5-2+deb8u2_armhf.deb 71ebb553a301aeb05dedd2235295f99822923738 44582 libpoppler-cpp-dev_0.26.5-2+deb8u2_armhf.deb 2328cdaae6c6ef65a910bb63055e813aff1c0bf0 124532 poppler-utils_0.26.5-2+deb8u2_armhf.deb f9af9e15eb2959b910b43e9942ea72787e17e483 7799798 poppler-dbg_0.26.5-2+deb8u2_armhf.deb Checksums-Sha256: 6ac93775506344c21e3d10710a060ee4e0992dbfc079137a01c1fc5202b9c537 1110134 libpoppler46_0.26.5-2+deb8u2_armhf.deb 408cab9b67877d1d4464c2f65288f505350e3fd5b4ca15b5f15a1d8758f64860 678920 libpoppler-dev_0.26.5-2+deb8u2_armhf.deb 5266eb8b06e9b4f5d1ee505b703796d1671009a9484e4ef38334dfb9f3739955 178856 libpoppler-private-dev_0.26.5-2+deb8u2_armhf.deb 698d806e197718646eb58f374ea559735dc4dbc97a8fcdc9584cff5448c78b96 106230 libpoppler-glib8_0.26.5-2+deb8u2_armhf.deb 71c24d2d4378efc74c76de6b1a449dcbc4c10e62918579f40799de8736923618 149840 libpoppler-glib-dev_0.26.5-2+deb8u2_armhf.deb 3f8024c655cfd95dbaf2184cb32f7eec2f2acfa62ab2744d9da4a2de11756a12 33538 gir1.2-poppler-0.18_0.26.5-2+deb8u2_armhf.deb db37f5d708e6f1f2a02c4966913353ecf119e6179f8a55d99b1eff4726e0e9a5 111660 libpoppler-qt4-4_0.26.5-2+deb8u2_armhf.deb 14e0287dda439b7f963c124ee5352b769512995d3801bd54551e2a613a79a4c0 144536 libpoppler-qt4-dev_0.26.5-2+deb8u2_armhf.deb 807a594a3ff09331cedda62f40aac35d0fc1eea9cdaabeb5774e15f00f11bcc5 115108 libpoppler-qt5-1_0.26.5-2+deb8u2_armhf.deb 9d80995922b95210acfa3c6aae09193d3f25c04209a9482b67d75da111efa352 149300 libpoppler-qt5-dev_0.26.5-2+deb8u2_armhf.deb 952d6cd55a3d3ecd6bdc1ce807ce1863f557dc72c96b30de112d7b7a62beaa28 39456 libpoppler-cpp0_0.26.5-2+deb8u2_armhf.deb 4c75d0471f28c5de1677cc8d684c0fa8db8acd54b550ac66fabbcb1da9c77502 44582 libpoppler-cpp-dev_0.26.5-2+deb8u2_armhf.deb 5d51264a823cc71b3d9638b6a0fb728b92afc69be8ccf1cfcebb2903c19367df 124532 poppler-utils_0.26.5-2+deb8u2_armhf.deb 5663b39ad8c7287b2881bfd25e8fc4c3da8585888f2be1a11f8de6c38ef5f82e 7799798 poppler-dbg_0.26.5-2+deb8u2_armhf.deb Files: 8bcc883db5753ce0e00899c4d2e6a3a2 1110134 libs optional libpoppler46_0.26.5-2+deb8u2_armhf.deb f32064e5fe1445b85ba5621bf53fb0e8 678920 libdevel optional libpoppler-dev_0.26.5-2+deb8u2_armhf.deb 57cbea85255214bff002c47d2ebbbda8 178856 libdevel optional libpoppler-private-dev_0.26.5-2+deb8u2_armhf.deb 03fdda7650d6969dba404cb5134ac15b 106230 libs optional libpoppler-glib8_0.26.5-2+deb8u2_armhf.deb 5fde1bfdbd3b242b1e703e47bbca5e4e 149840 libdevel optional libpoppler-glib-dev_0.26.5-2+deb8u2_armhf.deb 76ea768081b431f6e4ff6a649124aa3d 33538 introspection optional gir1.2-poppler-0.18_0.26.5-2+deb8u2_armhf.deb 1b652eb38bef67f686e17d2781ad88ee 111660 libs optional libpoppler-qt4-4_0.26.5-2+deb8u2_armhf.deb 627e7c636b9fb961e82b169eb084f2f2 144536 libdevel optional libpoppler-qt4-dev_0.26.5-2+deb8u2_armhf.deb 0748fcc71fe5bcb58a5b5828567d1af8 115108 libs optional libpoppler-qt5-1_0.26.5-2+deb8u2_armhf.deb 739c24c7a85e57fd8058fba100a75ab3 149300 libdevel optional libpoppler-qt5-dev_0.26.5-2+deb8u2_armhf.deb bae662d8c54e731a3d00058c6062c818 39456 libs optional libpoppler-cpp0_0.26.5-2+deb8u2_armhf.deb 82c9ca832f40026fa31f4ab603846c2d 44582 libdevel optional libpoppler-cpp-dev_0.26.5-2+deb8u2_armhf.deb 0d295c0b750250bd18deea203ef1aed8 124532 utils optional poppler-utils_0.26.5-2+deb8u2_armhf.deb 95f113dfed46573ae97555784be93c8c 7799798 debug extra poppler-dbg_0.26.5-2+deb8u2_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEbjuXFzDcUryTjWilMA0yiYEHNbkFAlpJK9IACgkQMA0yiYEH NbmEQhAA62SujlDJ6phjaqDEGdK3Tat9bRRMjFQg1thNCkHO00ArqE6QeI0OI7QU 8r8TUGoncFdXVvQVly/POTfBunf9dLW0euF/wZXxQiVxXMX3eS8HGENxJXuFa8C4 LEqQfIlmBzzwVjAhzc+gbgIBUgtT8v+okEhVl8ipL2cj14lRfQ34waBGyJK8JfRB H0CQ6ItCXwaoOTo9e+sGr7VzlAJ58nb3XxvTHX7PX0lZk6SHN/xaZJxZ1RZykkLR DnCCbTgCxVsRLClyc3BbK7UoRrzmECHAIWvKSegYRV6MaRIc5n/E6bkOjUssQkGO ps+/QwlYcou1lsYu62LCeor1ou8uLfWG+WKjtDm/xUGrf6+EPKHl/FwC3H3ZG90c Va4nS1G8SA2amizls1tMX0xZHGLS9NchEoIcmHb6QdR6RtPS97giOjWakSsKtd8a ivRL8M8CRIvDc9EHiQD8pkaqpslTlQl+WEZsvUjT3IQlbib5miqmklC3Ci7cmJRC CEgBNc6mzvsKNGKHK/BmT3E714B326QHsODofcv1GWuQyfjmQaXxIA17ZG9WIPLM cP/qIJVUKbtq6YQ38rlJJ94DUoKR57VsAxtIUv54RdOWugLD9gfr9W7TVEfJNNBf LxkxJvYkwtMFvtH3lCA5WC9rR95qLSRDYqsf55aFfad9q7z5YLY= =1bLx -----END PGP SIGNATURE-----