-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 Dec 2017 07:34:06 +0100 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: mips Version: 0.26.5-2+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: mips Build Daemon (mips-sil-01) Changed-By: Santiago R.R. Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Changes: poppler (0.26.5-2+deb8u2) jessie-security; urgency=medium . * Fix CVE-2017-9406: a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. * Fix CVE-2017-9408: memory leak in the function Object::initArray in Object.cc that allows attackers to cause a DoS via a crafted file. * Fix CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo that allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. * Fix CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. * Fix CVE-2017-9865: The function GfxImageColorMap::getGray in GfxState.cc allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document * Fix CVE-2017-14517: NULL pointer dereference vulnerability in the XRef::parseEntry() function in XRef.cc * Fix CVE-2017-14518: Floating point exception in the isImageInterpolationRequired() function in Splash.cc * Fix CVE-2017-14519: A memory corruption may occur in a call to Object::streamGetChar * Fix CVE-2017-14520: Floating point exception in Splash::scaleImageYuXd() * Fix CVE-2017-14617: Floating point exception in the ImageStream class in Stream.cc * Fix CVE-2017-14975: NULL pointer dereference vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14976: Heap-based buffer over-read vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14977: NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock function in FoFiTrueType.cc * Fix CVE-2017-15565: NULL Pointer Dereference in the GfxImageColorMap::getGrayLine() function in GfxState.cc Checksums-Sha1: b8e200e3508d604c82adf565ab663dbc5adf4924 1097802 libpoppler46_0.26.5-2+deb8u2_mips.deb 67281cbb6426ca5465fa1b2a11da3d908abcef71 738344 libpoppler-dev_0.26.5-2+deb8u2_mips.deb d6db382b10a9ddbbd4a0b4289e673e5f9e34e7ef 179016 libpoppler-private-dev_0.26.5-2+deb8u2_mips.deb d9c276abe624c7e5850324e56c9addeb4e25c9b9 103862 libpoppler-glib8_0.26.5-2+deb8u2_mips.deb c89356992d2203681cc3aadbf579ef254a2b8786 160026 libpoppler-glib-dev_0.26.5-2+deb8u2_mips.deb 476918ccec0d54467e80ffd37aa2003d4a08261c 33474 gir1.2-poppler-0.18_0.26.5-2+deb8u2_mips.deb e8b69d6e2cc5303570643b184d18298dfe3020e2 110670 libpoppler-qt4-4_0.26.5-2+deb8u2_mips.deb e256148a80328247d01e45ab5bb25c923711a7fc 156150 libpoppler-qt4-dev_0.26.5-2+deb8u2_mips.deb ec798cec0409de8d949f638ef3a7e2ee19be881f 113716 libpoppler-qt5-1_0.26.5-2+deb8u2_mips.deb 5c1fdbee504402bb49c722e7ed24409610793c95 160584 libpoppler-qt5-dev_0.26.5-2+deb8u2_mips.deb b2d1fd4fd4edf5a3f35ebc5a1afb2e8fcd9637f5 40146 libpoppler-cpp0_0.26.5-2+deb8u2_mips.deb 34b0b3a17a1235c7ad1c97752947176fa1cc797f 47530 libpoppler-cpp-dev_0.26.5-2+deb8u2_mips.deb f529669945ca0b409277e5db2b5d51abc076696f 130322 poppler-utils_0.26.5-2+deb8u2_mips.deb 0493938d410565c791d10b9eea716ab89706e36e 8127584 poppler-dbg_0.26.5-2+deb8u2_mips.deb Checksums-Sha256: 97d282ebe954984d3e376ed0eccc3cb09f3ac3107a1e3d2fb163fb3d7a49c6e2 1097802 libpoppler46_0.26.5-2+deb8u2_mips.deb 6e6eb976cdbc6e61a18b3b7a5302ba51862c8e04fd1d038cec5191b8231393e5 738344 libpoppler-dev_0.26.5-2+deb8u2_mips.deb 26718f472337af65e13dccbc074daa3fd4b28143ddae6a8b9f8799bd70f1e0d6 179016 libpoppler-private-dev_0.26.5-2+deb8u2_mips.deb a7ae0eb2e6ddbd45ad6da422d82dc70b95213c6ac19d9276bed32ef2382e5aba 103862 libpoppler-glib8_0.26.5-2+deb8u2_mips.deb 2d4158984ce41bbc1b1c088668ae59af0b1beaa8ee810886c723b3518affe3d7 160026 libpoppler-glib-dev_0.26.5-2+deb8u2_mips.deb 7b1004c7269b10c70625fdc227c2205be87a5686ce25fbe60cfdc6759e899181 33474 gir1.2-poppler-0.18_0.26.5-2+deb8u2_mips.deb b921cc3fec13c757ddaff2ae5372ae2fc9ec7baa7c7d54d0cb26d8c81f849e7f 110670 libpoppler-qt4-4_0.26.5-2+deb8u2_mips.deb fc6f85b9b1eda5bb883a9a599af7c7d2e4a39999dc71cc37f7248338731bbed7 156150 libpoppler-qt4-dev_0.26.5-2+deb8u2_mips.deb 4182853626f6c4de74fb678cb5f86779937f5198deaca7194a3071be5496086e 113716 libpoppler-qt5-1_0.26.5-2+deb8u2_mips.deb 133d47bf514b7a0dc1a1c6c04c46d06d7f3e82ea9f1acc58a2af6b30c7cbfac1 160584 libpoppler-qt5-dev_0.26.5-2+deb8u2_mips.deb 7276435821e6ea4217719795bac8e6a7a374a69ba1931b3ac610fcf8bc74ebaf 40146 libpoppler-cpp0_0.26.5-2+deb8u2_mips.deb c9168ffe286e486f831ef659ffb57c5a6703792aeca70255b2e47571eb1a4670 47530 libpoppler-cpp-dev_0.26.5-2+deb8u2_mips.deb 2629a1b819e85d4fbc1e88c100fdc8764eb5e52300dd435c37e6166eee8a9a71 130322 poppler-utils_0.26.5-2+deb8u2_mips.deb d6ebb0f4a41da09a45825f5c4ab66e1abc357ddaa4742bfa28e08b69dff37414 8127584 poppler-dbg_0.26.5-2+deb8u2_mips.deb Files: b972aa8fa68f9d76e0f1b8449b7cbbcb 1097802 libs optional libpoppler46_0.26.5-2+deb8u2_mips.deb b22736b124f5a07a2b2b0246b3b21d2f 738344 libdevel optional libpoppler-dev_0.26.5-2+deb8u2_mips.deb af7268a43a43ea210c39d3ed21783838 179016 libdevel optional libpoppler-private-dev_0.26.5-2+deb8u2_mips.deb 9742b0d1169e8bc19a23012680aa409a 103862 libs optional libpoppler-glib8_0.26.5-2+deb8u2_mips.deb 5adae0498b8fd4f083c0b6975192c1a6 160026 libdevel optional libpoppler-glib-dev_0.26.5-2+deb8u2_mips.deb 608cf83dce3ee44d8ce15cbde3c1df89 33474 introspection optional gir1.2-poppler-0.18_0.26.5-2+deb8u2_mips.deb 5c23a9bfa1ff2332d3ac824d8b5dde99 110670 libs optional libpoppler-qt4-4_0.26.5-2+deb8u2_mips.deb 49a7999874c378fd02dae2d04bb32a71 156150 libdevel optional libpoppler-qt4-dev_0.26.5-2+deb8u2_mips.deb 42bb1803671b04af3154b156d66b4f5d 113716 libs optional libpoppler-qt5-1_0.26.5-2+deb8u2_mips.deb 62db17619dfb1bdd9e996d7e694a3c8a 160584 libdevel optional libpoppler-qt5-dev_0.26.5-2+deb8u2_mips.deb 4d21474b1eff145abea123815cb56fa5 40146 libs optional libpoppler-cpp0_0.26.5-2+deb8u2_mips.deb 8d33a5d435e950377f2504b71413d3fe 47530 libdevel optional libpoppler-cpp-dev_0.26.5-2+deb8u2_mips.deb df267cdfced63c4a36e529ec18680e46 130322 utils optional poppler-utils_0.26.5-2+deb8u2_mips.deb b6d1e3cbe24c11b3e1b1a8359f5b58b1 8127584 debug extra poppler-dbg_0.26.5-2+deb8u2_mips.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEwClEuWKsEp0UbJ3rOHLta89YWmIFAlpJKYQACgkQOHLta89Y WmLosQ//UyorOba/dK/vtMAmhrkWY5LJpU/nx5QqY0X9kSEv5Dn5dSdx06LBKsWv RqOOcJ0J3B/gwe4eIDi/C+fI+nuP3n4IyHJ1cmubz1ydnuZsh8nhsyRW+TaSaKPp ljW7LXX6vEXTmx7W/GUA5iCVq17SwO7MFzwNC9W1R2p+1jjp5Vrfkb86xrrbDSns k1lrBF4kbKsu1LnhNQ0VS/a7QosQF9NFY2rVTjUnLYVSxv7l/MNaIGjOWrnviMlp SlXIBZwKwG6AtwqyaiJIS7pTCAkLyEXDaEQfY/+8eP0ymq0LWEjJE1MYZQFn3n49 iE+0KaE3EDqHL2BOv79zmlA9GF6SpfpoqIX+SbI2OYrxAonoEKMcZy9aIaVT9Ssr fVMwiH3h8bjOBKKRcAmmyQbB544kG+s56YYEQaBT586wT1u80ZEXVckNvC7S1di1 eNxZmySYnlXxGrs4+linncEfItNGc+6ka3SOEn+JCX58HU5acsPqp3tZX1t3pU03 06mS+DOO/G9PU09xoqfuX7hZWkTa6D7PCpUziKozUI59DQJDzB3jbdp7MuEsVBYa pyM1uTPWrXvejYseF3X05pD1I0HEKSbNASQJAfBR/+qgRu7Gs35KIDuUhTRDmDs9 EOIb4RJZyhfAgesk3tSplCRZe+0WdkTCWmhAdiKZqWSBQvx7jfs= =9nOj -----END PGP SIGNATURE-----