-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 Dec 2017 07:34:06 +0100 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: powerpc Version: 0.26.5-2+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: powerpc Build Daemon (powerpc-osuosl-01) Changed-By: Santiago R.R. Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Changes: poppler (0.26.5-2+deb8u2) jessie-security; urgency=medium . * Fix CVE-2017-9406: a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. * Fix CVE-2017-9408: memory leak in the function Object::initArray in Object.cc that allows attackers to cause a DoS via a crafted file. * Fix CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo that allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. * Fix CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. * Fix CVE-2017-9865: The function GfxImageColorMap::getGray in GfxState.cc allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document * Fix CVE-2017-14517: NULL pointer dereference vulnerability in the XRef::parseEntry() function in XRef.cc * Fix CVE-2017-14518: Floating point exception in the isImageInterpolationRequired() function in Splash.cc * Fix CVE-2017-14519: A memory corruption may occur in a call to Object::streamGetChar * Fix CVE-2017-14520: Floating point exception in Splash::scaleImageYuXd() * Fix CVE-2017-14617: Floating point exception in the ImageStream class in Stream.cc * Fix CVE-2017-14975: NULL pointer dereference vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14976: Heap-based buffer over-read vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14977: NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock function in FoFiTrueType.cc * Fix CVE-2017-15565: NULL Pointer Dereference in the GfxImageColorMap::getGrayLine() function in GfxState.cc Checksums-Sha1: 35eef1ee8ba8aaed0572f3d8090f989500aa0635 1125302 libpoppler46_0.26.5-2+deb8u2_powerpc.deb 7a1def0084f8bc60fdc33086af5ccfd66baf34ab 669874 libpoppler-dev_0.26.5-2+deb8u2_powerpc.deb 597587c0c4219665f45244ec096c61469ff69e8b 179054 libpoppler-private-dev_0.26.5-2+deb8u2_powerpc.deb 9fed22542d6af0d2ae7c910c917e27053dcb29a2 108500 libpoppler-glib8_0.26.5-2+deb8u2_powerpc.deb 149911fbc3e005681ca9231a28c361f85407bfc4 148530 libpoppler-glib-dev_0.26.5-2+deb8u2_powerpc.deb bcdad2583a49106596893c9ca164af745d96c96e 33504 gir1.2-poppler-0.18_0.26.5-2+deb8u2_powerpc.deb 3c2aad0fb7de35e1dde1979dce4fd0cabeeb25f2 113508 libpoppler-qt4-4_0.26.5-2+deb8u2_powerpc.deb f40ebeeb7dfec3b4cbccc602bbeac0592042316f 143352 libpoppler-qt4-dev_0.26.5-2+deb8u2_powerpc.deb d0409dc652fb765df7508a281cf7feed13e05b26 118516 libpoppler-qt5-1_0.26.5-2+deb8u2_powerpc.deb 07c6d4140ec75d8f82f427b51e8a37f28dbed686 149662 libpoppler-qt5-dev_0.26.5-2+deb8u2_powerpc.deb 7bbeff275347046d523ccbdc151f2fbfa17f41c2 41512 libpoppler-cpp0_0.26.5-2+deb8u2_powerpc.deb 46b9d090e2bcd8ac6a8559bc565ad8c85e021eba 46390 libpoppler-cpp-dev_0.26.5-2+deb8u2_powerpc.deb c6bdefae84b5d0a0b6485ae22552a56b74545a1d 127008 poppler-utils_0.26.5-2+deb8u2_powerpc.deb d27349b6791e29e1b1674fc66f7044acbd288982 8207984 poppler-dbg_0.26.5-2+deb8u2_powerpc.deb Checksums-Sha256: 8a76f77d536803c6a6ce877721673131ceb854d039056ee4e52ebaa5bdc01e8a 1125302 libpoppler46_0.26.5-2+deb8u2_powerpc.deb 817c2e12ca6d68a324609f2ce0cdf5480f8cd7fb58bb1bc20f9c06bd1e8c8aea 669874 libpoppler-dev_0.26.5-2+deb8u2_powerpc.deb b9ef6f3dcbce355e131005af1ac97aa10c449c477ab4ea9122d5b46ac44a1242 179054 libpoppler-private-dev_0.26.5-2+deb8u2_powerpc.deb 555243da34916e8d3be722f6450989a6a2e31280de7ef8359380cd9aa13cb79c 108500 libpoppler-glib8_0.26.5-2+deb8u2_powerpc.deb 5d64389ffae5d299669450af0bf114393f3768f1cb0055730d472b36dd1932b4 148530 libpoppler-glib-dev_0.26.5-2+deb8u2_powerpc.deb 562ad1ec34558434c2086a79214252800ed45b94980571fe8a7c8c716d00c79d 33504 gir1.2-poppler-0.18_0.26.5-2+deb8u2_powerpc.deb b40f26b71f6a8b5714cc71e79c39bb1b612468d3bb07a7d97ec08e36330a442c 113508 libpoppler-qt4-4_0.26.5-2+deb8u2_powerpc.deb 39fb8f51ba2453ba7d2f423689b9a49ee2d33c3151862107e5d1a3777cfaebd2 143352 libpoppler-qt4-dev_0.26.5-2+deb8u2_powerpc.deb ebfd76d3923ddce099a3545875c1af6a9edd03659361fa43ac2fef2ea98a8591 118516 libpoppler-qt5-1_0.26.5-2+deb8u2_powerpc.deb 9aa44da9c07c0184fcaa7686d3cac9f5c3e7f0b2ecbf8410c00d0f222b718c57 149662 libpoppler-qt5-dev_0.26.5-2+deb8u2_powerpc.deb 99530bf7def7b30a45b48e18b19074e7ba66cab28b00a5cda5497bab8bfb97aa 41512 libpoppler-cpp0_0.26.5-2+deb8u2_powerpc.deb 761e06cb9e96642285a10fcb67210adade5dc7caba02364e1d815c9321910f9e 46390 libpoppler-cpp-dev_0.26.5-2+deb8u2_powerpc.deb 8c4c069ea4a953d2483298b481b76383fcf59a5a167ce82a718c7e3b8bbb0511 127008 poppler-utils_0.26.5-2+deb8u2_powerpc.deb b9e67e4e0cd069d1614d3436c9a4d0c236ca873ac5df95530e7e79f1ea522f28 8207984 poppler-dbg_0.26.5-2+deb8u2_powerpc.deb Files: de533c61bac8f944191068d06de16164 1125302 libs optional libpoppler46_0.26.5-2+deb8u2_powerpc.deb 00c9e51267cd2c46d193dcef519b5ef7 669874 libdevel optional libpoppler-dev_0.26.5-2+deb8u2_powerpc.deb 5d585e0a04a9bc1d6dccfd7241d85fa3 179054 libdevel optional libpoppler-private-dev_0.26.5-2+deb8u2_powerpc.deb ea8da085e42bcac7b20c5bb5e3131b71 108500 libs optional libpoppler-glib8_0.26.5-2+deb8u2_powerpc.deb 8b43f18b52313c0941f9be8176572f80 148530 libdevel optional libpoppler-glib-dev_0.26.5-2+deb8u2_powerpc.deb cd33c50ab98008499175f0043fece733 33504 introspection optional gir1.2-poppler-0.18_0.26.5-2+deb8u2_powerpc.deb b2d4a84bef0c4cc82518f8af3ec9e551 113508 libs optional libpoppler-qt4-4_0.26.5-2+deb8u2_powerpc.deb 6c17cc0ed87cf9948a77d582956404ea 143352 libdevel optional libpoppler-qt4-dev_0.26.5-2+deb8u2_powerpc.deb 52dd8e420814c6694d472a5eff90f81b 118516 libs optional libpoppler-qt5-1_0.26.5-2+deb8u2_powerpc.deb cb50a712d96f01ec7425515d1ed2e9a0 149662 libdevel optional libpoppler-qt5-dev_0.26.5-2+deb8u2_powerpc.deb 0dc3df0ef562cac5a599d58f57f12e22 41512 libs optional libpoppler-cpp0_0.26.5-2+deb8u2_powerpc.deb ae165f8c7d90f33cbffa3cd3a22491a3 46390 libdevel optional libpoppler-cpp-dev_0.26.5-2+deb8u2_powerpc.deb ceed635629de7db9872f234294ebde41 127008 utils optional poppler-utils_0.26.5-2+deb8u2_powerpc.deb ad277064ab5fbda6622ab02659099011 8207984 debug extra poppler-dbg_0.26.5-2+deb8u2_powerpc.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJaSSV1AAoJEKibqUisOyp76RgP/3UQtDi/OvlavvLZQcXJ58eP u1WK+pHmp/OqSfCYf7UHVxGhGxkPex7T7evDXDsl1g9NFrjvLG4QBLf4LQAK2dEW 4W2j39s+ksjgstRRUG2bbd5tgwlLPxC3VItqok+1TC9UQSY/6/ebKzwSQG2zBW3V kuGBkafqW9BMUBq3dIlgNhbwWgeJE7DROWqSSV8876dQa2PYxcIl0nTaAv9iIxAO kj2IlzuRNA21mRuJlmMwDwtFdY7rx7gNN8Pp4Y7N8FQpi6+2rO1vnnXrX59d0feV Q1trAaPqcnsD0OwPKpQJ7M6ARd26eXIqPCJSFFXlwyDQm9oJUAaWL/oLyfGo07ys RouWF8rOkscOChNuct6tzwEbETkTBPtQXfW443RjHsfhMgC914k94XMoB4HiP0zX Cn7UMGXNp+1seawPe81KsOfaSLSa2apbKC5AzrLC/6r2qHsjGysrR0onXO9pcZ2u Ga2DpVAPfDNTVS+vjuT7ItfqCRPN7Wf81DgPNtyefkV40ljPyHaqf9ZnRC06wmz9 YXLhQhcRS9EJaEQ3zHw7uyDdbMdsJw/uR34pB/KFQGS87iNU0ThWHGwzbk0JljsZ 3FFTsDLQR08/ZHa++JQS1wxhPhkTvuYi+OQ9BvpuqqC9LrfBqBXweVrZgm0c5pQ4 YV6MwDbMXlFIZo0Vq6Yh =DY92 -----END PGP SIGNATURE-----