-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 Dec 2017 07:34:06 +0100 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: mipsel Version: 0.26.5-2+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: mipsel Build Daemon (eberlin) Changed-By: Santiago R.R. Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Changes: poppler (0.26.5-2+deb8u2) jessie-security; urgency=medium . * Fix CVE-2017-9406: a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. * Fix CVE-2017-9408: memory leak in the function Object::initArray in Object.cc that allows attackers to cause a DoS via a crafted file. * Fix CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo that allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. * Fix CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. * Fix CVE-2017-9865: The function GfxImageColorMap::getGray in GfxState.cc allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document * Fix CVE-2017-14517: NULL pointer dereference vulnerability in the XRef::parseEntry() function in XRef.cc * Fix CVE-2017-14518: Floating point exception in the isImageInterpolationRequired() function in Splash.cc * Fix CVE-2017-14519: A memory corruption may occur in a call to Object::streamGetChar * Fix CVE-2017-14520: Floating point exception in Splash::scaleImageYuXd() * Fix CVE-2017-14617: Floating point exception in the ImageStream class in Stream.cc * Fix CVE-2017-14975: NULL pointer dereference vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14976: Heap-based buffer over-read vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14977: NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock function in FoFiTrueType.cc * Fix CVE-2017-15565: NULL Pointer Dereference in the GfxImageColorMap::getGrayLine() function in GfxState.cc Checksums-Sha1: be903604413802191277e17444d041a83ff06c8c 1106556 libpoppler46_0.26.5-2+deb8u2_mipsel.deb 30a6bba825f56a2b720a7a035a942e6321cd6a21 751700 libpoppler-dev_0.26.5-2+deb8u2_mipsel.deb 6d00e854d95e9c3406a94c520e472f74376a1874 178980 libpoppler-private-dev_0.26.5-2+deb8u2_mipsel.deb eac34c9e1b7f28caa7e78b3e0da5bc623d8332cd 105148 libpoppler-glib8_0.26.5-2+deb8u2_mipsel.deb 974f192267f875917c5ddab11aa5758ad189257e 161602 libpoppler-glib-dev_0.26.5-2+deb8u2_mipsel.deb 07fdf04403651922fd238ea98971ba54e4c9f9d3 33650 gir1.2-poppler-0.18_0.26.5-2+deb8u2_mipsel.deb 42e7e3f7befd2bc0cca04a3ae94a36ff2375f14b 112202 libpoppler-qt4-4_0.26.5-2+deb8u2_mipsel.deb 1d7e44eba0cb52b753fbe3cc3873b26af79af33a 157886 libpoppler-qt4-dev_0.26.5-2+deb8u2_mipsel.deb 37d558343dfb57e98401dfb20eeebdc00f618903 115326 libpoppler-qt5-1_0.26.5-2+deb8u2_mipsel.deb 0b3c25360e2225ddb9181b4f8588fbc84de416f8 163060 libpoppler-qt5-dev_0.26.5-2+deb8u2_mipsel.deb 799768508b418bb27261bc350095393cccac3bf3 40468 libpoppler-cpp0_0.26.5-2+deb8u2_mipsel.deb 6a08a42c8f8802f49d88c4a390499d393d4cfdc1 48048 libpoppler-cpp-dev_0.26.5-2+deb8u2_mipsel.deb 2789c16931869e4e99d87f74b9e816c3f22cd9a2 131656 poppler-utils_0.26.5-2+deb8u2_mipsel.deb 7f89ca9216f5697a6bb20706b15a5eeead084610 7766256 poppler-dbg_0.26.5-2+deb8u2_mipsel.deb Checksums-Sha256: dafec06ab8e1b630f3674dbec526dd578196af0da6460c65fce3b4d6cb08c966 1106556 libpoppler46_0.26.5-2+deb8u2_mipsel.deb aefbc92623cb750988cca4a21bcc6a5a05cac9765f38767adeb9eb6e37214e0e 751700 libpoppler-dev_0.26.5-2+deb8u2_mipsel.deb 9f1025b635add5939364a54b184affde4d33dfaef0a5b6e7bde425be3f1b5ade 178980 libpoppler-private-dev_0.26.5-2+deb8u2_mipsel.deb 831db9d3c8f4eb3029f3f894a2e20b78eef086fe11bc9ce69ebd57c2ebe4ed89 105148 libpoppler-glib8_0.26.5-2+deb8u2_mipsel.deb ec4a71dc1a7464da9395b7707e8f6b124933bc2118c7645a8aa091c5cabd9608 161602 libpoppler-glib-dev_0.26.5-2+deb8u2_mipsel.deb 0e597282158321f3548e21f25295a983fb30b175070652af69da93c1c0fbe233 33650 gir1.2-poppler-0.18_0.26.5-2+deb8u2_mipsel.deb 9cc3ea805ccd35619159bafa7c6e0e882a3df968f443d848dec6a8c5ef2c6f04 112202 libpoppler-qt4-4_0.26.5-2+deb8u2_mipsel.deb 9af7f7153f99c57ba15373d476ad2a534c01ef2f4c4ae655c9e62b0186e307f6 157886 libpoppler-qt4-dev_0.26.5-2+deb8u2_mipsel.deb 15f127e61a3ef331015e5c6ea8a77541d6a92265473483f185a1ef3e8139216c 115326 libpoppler-qt5-1_0.26.5-2+deb8u2_mipsel.deb 18a10120d21cb9f8d14a177bb81eccefd2f08c6c817b38b2d623d4efe037dccc 163060 libpoppler-qt5-dev_0.26.5-2+deb8u2_mipsel.deb 722b3e67a7a53402cff414e7fc7a2ec9d83471e211fa442b5c31ccd405c8a3a2 40468 libpoppler-cpp0_0.26.5-2+deb8u2_mipsel.deb 2dc0bedc5cbecf64b8d47447f5517c5b406799eaa35cd89acc6e9b15e2772b50 48048 libpoppler-cpp-dev_0.26.5-2+deb8u2_mipsel.deb da49017bc0ae21fb0ef5488e0159d059290deb1688afdc3b08297bc445e0d0e2 131656 poppler-utils_0.26.5-2+deb8u2_mipsel.deb a3da78e7a75877b8957fc368c0e49a335f69eea9b2dd48b6a9f5cc40dad37db8 7766256 poppler-dbg_0.26.5-2+deb8u2_mipsel.deb Files: e1b9effb6c3891945daa33e86d89ae0b 1106556 libs optional libpoppler46_0.26.5-2+deb8u2_mipsel.deb 8a7132f07bf3dbaeb54b36f14a367313 751700 libdevel optional libpoppler-dev_0.26.5-2+deb8u2_mipsel.deb 351045dc9738fdf26054424e2f284ac6 178980 libdevel optional libpoppler-private-dev_0.26.5-2+deb8u2_mipsel.deb 91b5950ee5098ded7de5dd43720298f3 105148 libs optional libpoppler-glib8_0.26.5-2+deb8u2_mipsel.deb 1a74d16cdffc1f9711ef1d34e43a27f3 161602 libdevel optional libpoppler-glib-dev_0.26.5-2+deb8u2_mipsel.deb 1d186a273fcb0bbad621abca2f49690c 33650 introspection optional gir1.2-poppler-0.18_0.26.5-2+deb8u2_mipsel.deb 3056d907afdd39debf25a0b28054b8b9 112202 libs optional libpoppler-qt4-4_0.26.5-2+deb8u2_mipsel.deb a12c74802e851230c696f2c51e5eadbc 157886 libdevel optional libpoppler-qt4-dev_0.26.5-2+deb8u2_mipsel.deb 6f725668ef3039337453703787aee852 115326 libs optional libpoppler-qt5-1_0.26.5-2+deb8u2_mipsel.deb 57386dc1382360a77e4cbd5fd7975927 163060 libdevel optional libpoppler-qt5-dev_0.26.5-2+deb8u2_mipsel.deb d421997fd4d47dab77801f0f442e68dd 40468 libs optional libpoppler-cpp0_0.26.5-2+deb8u2_mipsel.deb b7affa878aaa487fca116763972b9e06 48048 libdevel optional libpoppler-cpp-dev_0.26.5-2+deb8u2_mipsel.deb b8f6101e8d0ca98ef6eba3db7beb608f 131656 utils optional poppler-utils_0.26.5-2+deb8u2_mipsel.deb 4c8fbc9894199564070bd3f116168431 7766256 debug extra poppler-dbg_0.26.5-2+deb8u2_mipsel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEGpVY+GHp5IXOVCoW19fRtJbWgdwFAlpJLH8ACgkQ19fRtJbW gdxkfxAApQeuNIB54PXvMLtuSRerht06rvPIHuA1j4Y/5tgIZKp4xlELtLZ0ci8V KlM0dhJznaajhJU8kPkPSckZa1zQpF5JyidXgfBLzIhSN3+dS4p5SkbVc9UOXA9u 9EQ4uMHZTz7jHVXRgbNwEO6LzJEHeaUeeddIVoHHYvmhO2in8Mu5856MIBYKOjX4 u4Q0qY6b0MKeY3Qlkqt4ZTANw4xCJCgKSqcGcrhukTf+ObMfsIOZ8RnRvSlS0kKy YQFiboVJzfbDJK4Ve/28rLfXG5l/gafEh8G5or0/fvCUGTMNdCMsP/VX5ok5W3PC cfWqOzfLYXbPjZFCxJEgo/WRv3TaMqs/w8HtaRT+qp7JsCOCKe/Zo1C2f6tN5v3R PqIAeukvhpCLNpKnw4Rj46yYjH68p3I1slVDSOBV0uo1Y0feFt3jk9OX2NtUfGgp VqhzFb2bjpk6FCitVJlZUZy6VTYHWY8xETEmEbdj7Bkv7Y57sYY7cBpTZFddMzDO tJ3AfIlF/amYGD1DvCUqev6Gq1HbX4ibfHgzSbySYzPkE0uC2vK6isrBF61pBNUO 2fdYQCqwi4m15ls6sZl1WM7jz9D9azkimTO5gEDMA91ErK2DAGfKNmsD/uJJgQ7r zuOBNsNd9lVxLP6bqswb9RriwW2w7EUaHtMdDEpYSu452AGuZqg= =qFsa -----END PGP SIGNATURE-----