-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 02 Dec 2017 07:34:06 +0100
Source: poppler
Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg
Architecture: i386
Version: 0.26.5-2+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-grnet-01)
Changed-By: Santiago R.R.
Description:
 gir1.2-poppler-0.18 - GObject introspection data for poppler-glib
 libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface)
 libpoppler-cpp0 - PDF rendering library (CPP shared library)
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface
 libpoppler-glib8 - PDF rendering library (GLib-based shared library)
 libpoppler-private-dev - PDF rendering library -- private development files
 libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library)
 libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface)
 libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library)
 libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface)
 libpoppler46 - PDF rendering library
 poppler-dbg - PDF rendering library -- debugging symbols
 poppler-utils - PDF utilities (based on Poppler)
Changes:
 poppler (0.26.5-2+deb8u2) jessie-security; urgency=medium
 .
   * Fix CVE-2017-9406: a memory leak vulnerability was found in the
     function gmalloc in gmem.cc, which allows attackers to cause a denial
     of service via a crafted file.
   * Fix CVE-2017-9408: memory leak in the function Object::initArray in
     Object.cc that allows attackers to cause a DoS via a crafted file.
   * Fix CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo
     that allows remote attackers to cause a denial of service (application
     crash) via a crafted PDF document.
   * Fix CVE-2017-9776: Integer overflow leading to Heap buffer overflow in
     JBIG2Stream.cc in pdftocairo allows remote attackers to cause a denial
     of service (application crash) or possibly have unspecified other
     impact via a crafted PDF document.
   * Fix CVE-2017-9865: The function GfxImageColorMap::getGray in
     GfxState.cc allows remote attackers to cause a denial of service
     (stack-based buffer over-read and application crash) via a crafted PDF
     document
   * Fix CVE-2017-14517: NULL pointer dereference vulnerability in the
     XRef::parseEntry() function in XRef.cc
   * Fix CVE-2017-14518: Floating point exception in the
     isImageInterpolationRequired() function in Splash.cc
   * Fix CVE-2017-14519: A memory corruption may occur in a call to
     Object::streamGetChar
   * Fix CVE-2017-14520: Floating point exception in
     Splash::scaleImageYuXd()
   * Fix CVE-2017-14617: Floating point exception in the ImageStream class
     in Stream.cc
   * Fix CVE-2017-14975: NULL pointer dereference vulnerability in the
     FoFiType1C::convertToType0 function in FoFiType1C.cc
   * Fix CVE-2017-14976: Heap-based buffer over-read vulnerability in the
     FoFiType1C::convertToType0 function in FoFiType1C.cc
   * Fix CVE-2017-14977: NULL pointer dereference vulnerability in the
     FoFiTrueType::getCFFBlock function in FoFiTrueType.cc
   * Fix CVE-2017-15565: NULL Pointer Dereference in the
     GfxImageColorMap::getGrayLine() function in GfxState.cc
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----