-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 Dec 2017 07:34:06 +0100 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: s390x Version: 0.26.5-2+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: s390x Build Daemon (zemlinsky) Changed-By: Santiago R.R. Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Changes: poppler (0.26.5-2+deb8u2) jessie-security; urgency=medium . * Fix CVE-2017-9406: a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. * Fix CVE-2017-9408: memory leak in the function Object::initArray in Object.cc that allows attackers to cause a DoS via a crafted file. * Fix CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo that allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. * Fix CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. * Fix CVE-2017-9865: The function GfxImageColorMap::getGray in GfxState.cc allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document * Fix CVE-2017-14517: NULL pointer dereference vulnerability in the XRef::parseEntry() function in XRef.cc * Fix CVE-2017-14518: Floating point exception in the isImageInterpolationRequired() function in Splash.cc * Fix CVE-2017-14519: A memory corruption may occur in a call to Object::streamGetChar * Fix CVE-2017-14520: Floating point exception in Splash::scaleImageYuXd() * Fix CVE-2017-14617: Floating point exception in the ImageStream class in Stream.cc * Fix CVE-2017-14975: NULL pointer dereference vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14976: Heap-based buffer over-read vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14977: NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock function in FoFiTrueType.cc * Fix CVE-2017-15565: NULL Pointer Dereference in the GfxImageColorMap::getGrayLine() function in GfxState.cc Checksums-Sha1: 155c8a88308b3ba3c9d61b4726672b8021dc9c5f 1174154 libpoppler46_0.26.5-2+deb8u2_s390x.deb 38d8027a1312e63d727abb9d741ed00aad763a4e 731518 libpoppler-dev_0.26.5-2+deb8u2_s390x.deb 83f431ecb08b45c1591cdcb74bf46d0ff41c9f9f 179076 libpoppler-private-dev_0.26.5-2+deb8u2_s390x.deb f8b1a7cbe0ea96542a0a4138ec8a4834c1557a1f 117852 libpoppler-glib8_0.26.5-2+deb8u2_s390x.deb a9212af85f09778b19aaf52c960cd3fad524bd05 159442 libpoppler-glib-dev_0.26.5-2+deb8u2_s390x.deb dd9ba64b2ec30ee1a6d824d8a77f97d9b5458993 33482 gir1.2-poppler-0.18_0.26.5-2+deb8u2_s390x.deb 3b05b2845d693136ff2b039b7fd35745d05c0e34 129726 libpoppler-qt4-4_0.26.5-2+deb8u2_s390x.deb ffc929330460e49fbea805690ce1130d8b388a2f 159208 libpoppler-qt4-dev_0.26.5-2+deb8u2_s390x.deb 1bf2f2a6f040d75c77a4086ebb6818d5b2dedead 129110 libpoppler-qt5-1_0.26.5-2+deb8u2_s390x.deb 4d54a1f3862b054aef530e20d555aba50e9279d8 160820 libpoppler-qt5-dev_0.26.5-2+deb8u2_s390x.deb 484b7a1cf078fb51d66ee9fa57efd62533259f4e 44064 libpoppler-cpp0_0.26.5-2+deb8u2_s390x.deb 649c06e86a07c4c77add95933d2109ddbbe77381 48786 libpoppler-cpp-dev_0.26.5-2+deb8u2_s390x.deb 41091b5df8391f578bf71a845955b13265ee41f2 135806 poppler-utils_0.26.5-2+deb8u2_s390x.deb f9e1d5e564f79fcf6eb62940826a2333d5a46365 8122828 poppler-dbg_0.26.5-2+deb8u2_s390x.deb Checksums-Sha256: 7e2585e4cbbc359aa070d7666a14c850a13301e9b6f39e949b3562ae79a9c390 1174154 libpoppler46_0.26.5-2+deb8u2_s390x.deb 005d200cedf6803c7a1fb57d01b72046a502a30ab03f8ad181452cf01ffb5778 731518 libpoppler-dev_0.26.5-2+deb8u2_s390x.deb 24e0b57383a40717ea25100992eb09e7efec2d1e04a1c3aaac2fb2ed6d5ebffd 179076 libpoppler-private-dev_0.26.5-2+deb8u2_s390x.deb f2506241fd137af0caf434bc047189f7d00c5e1dff1867184279acd0c2432222 117852 libpoppler-glib8_0.26.5-2+deb8u2_s390x.deb 453c24f9ff9cce875c7ed1b04c7f19fae9d9802c30dcd207425efbfae173064f 159442 libpoppler-glib-dev_0.26.5-2+deb8u2_s390x.deb 9bd015256161aa491f44e800494f61c8f934648af564c3a74914298dc27f1926 33482 gir1.2-poppler-0.18_0.26.5-2+deb8u2_s390x.deb f6278556a0909388897301e7cdc43d49676b70379dd6f2a2f76921cacbf34752 129726 libpoppler-qt4-4_0.26.5-2+deb8u2_s390x.deb 83fd2e0ceea95b3ce45552c25ff8a67bb965e8ee574c1e075f4a4a3b26cba1b6 159208 libpoppler-qt4-dev_0.26.5-2+deb8u2_s390x.deb f14e9f7bca5484f5e7902a1f5f93c24d961f3f9964b486cf60398d46dfc9cdfd 129110 libpoppler-qt5-1_0.26.5-2+deb8u2_s390x.deb d9ccea9f3f8f1ca60ce7572d19fb91708f840cce2fcd11d5f35f2d45e4ed3fed 160820 libpoppler-qt5-dev_0.26.5-2+deb8u2_s390x.deb 5be725d0ec8d0ca9497a33eef1bae51259f7bc0589bc6e2b21623178cb67417a 44064 libpoppler-cpp0_0.26.5-2+deb8u2_s390x.deb bfdcaba2d4e296898070145502e901b72bff2df639ad42932721d4c83b6f7a0c 48786 libpoppler-cpp-dev_0.26.5-2+deb8u2_s390x.deb 4b849a7e56bb3aae38050849fd93fdbab549367b62cc402c345c0f8a858275fb 135806 poppler-utils_0.26.5-2+deb8u2_s390x.deb 5868e402d794f3a1d7018dca51ae83c09a4d1cf4fe33ffe22ed3bf23a5776978 8122828 poppler-dbg_0.26.5-2+deb8u2_s390x.deb Files: 11b9c2f439663b5f6262db388e15aacc 1174154 libs optional libpoppler46_0.26.5-2+deb8u2_s390x.deb d433813fdf1405289f3ba7051e831450 731518 libdevel optional libpoppler-dev_0.26.5-2+deb8u2_s390x.deb d5b5118fc9faf1634dbf8a66ed1e1392 179076 libdevel optional libpoppler-private-dev_0.26.5-2+deb8u2_s390x.deb 5610a286654afd6fb64c640758f0a8c9 117852 libs optional libpoppler-glib8_0.26.5-2+deb8u2_s390x.deb 0fec696153be4988db9fd6c3aa5dee0c 159442 libdevel optional libpoppler-glib-dev_0.26.5-2+deb8u2_s390x.deb c90964d573cfc0ce5d8dbf1f3abdb08b 33482 introspection optional gir1.2-poppler-0.18_0.26.5-2+deb8u2_s390x.deb a017e248934d52baf3ac3c3169a59a8a 129726 libs optional libpoppler-qt4-4_0.26.5-2+deb8u2_s390x.deb f51736111a47366a4434529eae7dc6a5 159208 libdevel optional libpoppler-qt4-dev_0.26.5-2+deb8u2_s390x.deb 044592f7566935a65cf978d459871be0 129110 libs optional libpoppler-qt5-1_0.26.5-2+deb8u2_s390x.deb ac66c1649e969f3438d1b0e50597b428 160820 libdevel optional libpoppler-qt5-dev_0.26.5-2+deb8u2_s390x.deb db126f44f3be040cbfccbad2fff468c8 44064 libs optional libpoppler-cpp0_0.26.5-2+deb8u2_s390x.deb 58d366b384dec36e07d7bf8bf6d9482e 48786 libdevel optional libpoppler-cpp-dev_0.26.5-2+deb8u2_s390x.deb 3d2361843fb1a99bfb172f532a0d2fc9 135806 utils optional poppler-utils_0.26.5-2+deb8u2_s390x.deb a489f9c97324f92d890e451362e4dcc7 8122828 debug extra poppler-dbg_0.26.5-2+deb8u2_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEacF8Ya8pNrbA/RjEE13DkOQDLTYFAlpJJqYACgkQE13DkOQD LTY6eQ/8DwFPhwHroO3BvSBXztmYh0W5rWNwnOqDpkX46q8cM+UiTOCy9YqQhMEy V+/RsYNvdN0pu9adIsH3tQVgK60XrKqvV5bz0lYDYJF1sNsgBbosanTWt56gW0kQ TDQxsyJnMO0rSuBQZcim7lUA1muI3ZHphNA9G3vKSwvoS8yKi5Ym+ztgmvXhe2sx W9M3amCo/HQOofoO6d+Zj6ZHtMv08rozaWIOak8B/eoM3uLcQlE0oduaol/DgTTV nVFnYPU51VtyZH4omi5eUP8EMuz0Ayye0HmQQM+lmgagpGaEmiHWsocYAjUj2DaZ 5mMJy9QAO8RbUljtD6UARHjBKWeYXAoMjVOrGclrfudcI+L1rWzzCx6WXx/hmtZj GN6YdcyeHI9bm6uel1XfO19A5/fPBFmOWYVlxICIKqdn1Gve2OqLHPUSqWI3uFDq 5X3WgMGccN5e91bGmurJCRWcfu7m704zRzJ+MqUepZIl/iSzpnY3HAqLZ4FakAzT +sPixolmL7mfplNC6f3nLWCwnEWfy7IMmxPjwbaRs/k+MNUSBm8ixw2WiFymbQ2G esp3TYqBPN8Ys06zq0eVSKs3ehylShvZoT8jFIjv+jbKy7L8D4MY/s386S1GEjn8 nfV2s0UXV+o/+sLqoltV+IRKRnDs8bPleErUrHFBlbmgWArjQIc= =ZuTD -----END PGP SIGNATURE-----