Author: Martin Pitt
Revision Date: 2006-12-19 15:53:26 UTC

* Merge to Debian unstable. Remaining Ubuntu changes:
  - debian/patches/patch-poppler: Ported to poppler 0.5.1 API.
  - debian/patches/patch-dvipdfm-timezones: Fix dvipdfm crash in certain
    time zones.

Author: Jamie Strandboge
Revision Date: 2007-12-04 10:53:07 UTC

* SECURITY UPDATE: improper bounds on static buffer results in stack-based
  buffer overflow
* debian/patches/SECURITY_CVE-2007-5935.patch: make sure tmpbuf is allocated
  enough memory in texk/dvipsk/hps.c
* SECURITY UPDATE: temporary file race condition in dviljk due to use of
  tmpnam()
* SECURITY UPDATE: various buffer overflows in dviljk due to not checking
  memory boundaries
* debian/patches/SECURITY_CVE-2007-5936+5937.patch: use mkdtemp() if
  available in dvi2xx.c. Replace calls to strcpy() and do proper bounds
  checking in dvi2xx.*.
* Modify Maintainer value to match the DebianMaintainerField
  specification.
* debian/control: Build-Depends on libcairo2-dev
* References
  CVE-2007-5935
  CVE-2007-5936
  CVE-2007-5937

Author: Jamie Strandboge
Revision Date: 2007-12-04 10:53:07 UTC

* SECURITY UPDATE: improper bounds on static buffer results in stack-based
  buffer overflow
* debian/patches/SECURITY_CVE-2007-5935.patch: make sure tmpbuf is allocated
  enough memory in texk/dvipsk/hps.c
* SECURITY UPDATE: temporary file race condition in dviljk due to use of
  tmpnam()
* SECURITY UPDATE: various buffer overflows in dviljk due to not checking
  memory boundaries
* debian/patches/SECURITY_CVE-2007-5936+5937.patch: use mkdtemp() if
  available in dvi2xx.c. Replace calls to strcpy() and do proper bounds
  checking in dvi2xx.*.
* Modify Maintainer value to match the DebianMaintainerField
  specification.
* debian/control: Build-Depends on libcairo2-dev
* References
  CVE-2007-5935
  CVE-2007-5936
  CVE-2007-5937

Author: Martin Pitt
Revision Date: 2006-12-19 15:53:26 UTC

* Merge to Debian unstable. Remaining Ubuntu changes:
  - debian/patches/patch-poppler: Ported to poppler 0.5.1 API.
  - debian/patches/patch-dvipdfm-timezones: Fix dvipdfm crash in certain
    time zones.

Author: Jamie Strandboge
Revision Date: 2007-12-04 14:05:54 UTC

* SECURITY UPDATE: improper bounds on static buffer results in stack-based
  buffer overflow
* debian/patches/SECURITY_CVE-2007-5935.patch: make sure tmpbuf is allocated
  enough memory in texk/dvipsk/hps.c
* SECURITY UPDATE: temporary file race condition in dviljk due to use of
  tmpnam()
* SECURITY UPDATE: various buffer overflows in dviljk due to not checking
  memory boundaries
* debian/patches/SECURITY_CVE-2007-5936+5937.patch: use mkdtemp() if
  available in dvi2xx.c. Replace calls to strcpy() and do proper bounds
  checking in dvi2xx.*.
* References
  CVE-2007-5935
  CVE-2007-5936
  CVE-2007-5937

Author: Jamie Strandboge
Revision Date: 2007-12-04 14:05:54 UTC

* SECURITY UPDATE: improper bounds on static buffer results in stack-based
  buffer overflow
* debian/patches/SECURITY_CVE-2007-5935.patch: make sure tmpbuf is allocated
  enough memory in texk/dvipsk/hps.c
* SECURITY UPDATE: temporary file race condition in dviljk due to use of
  tmpnam()
* SECURITY UPDATE: various buffer overflows in dviljk due to not checking
  memory boundaries
* debian/patches/SECURITY_CVE-2007-5936+5937.patch: use mkdtemp() if
  available in dvi2xx.c. Replace calls to strcpy() and do proper bounds
  checking in dvi2xx.*.
* References
  CVE-2007-5935
  CVE-2007-5936
  CVE-2007-5937

Author: Martin Pitt
Revision Date: 2006-10-12 17:10:33 UTC

No-change upload to build against current Poppler. This resolves the
'undefined symbol: _ZN4Dict3addERK10UGooStringP6Object' pdfetex failure
(which breaks texinfo, which in turn causes various FTBFSes).

Author: Jamie Strandboge
Revision Date: 2007-12-04 13:57:25 UTC

* SECURITY UPDATE: improper bounds on static buffer results in stack-based
  buffer overflow
* debian/patches/SECURITY_CVE-2007-5935.patch: make sure tmpbuf is allocated
  enough memory in texk/dvipsk/hps.c
* SECURITY UPDATE: temporary file race condition in dviljk due to use of
  tmpnam()
* SECURITY UPDATE: various buffer overflows in dviljk due to not checking
  memory boundaries
* debian/patches/SECURITY_CVE-2007-5936+5937.patch: use mkdtemp() if
  available in dvi2xx.c. Replace calls to strcpy() and do proper bounds
  checking in dvi2xx.*.
* References
  CVE-2007-5935
  CVE-2007-5936
  CVE-2007-5937

Author: Jamie Strandboge
Revision Date: 2007-12-04 13:57:25 UTC

* SECURITY UPDATE: improper bounds on static buffer results in stack-based
  buffer overflow
* debian/patches/SECURITY_CVE-2007-5935.patch: make sure tmpbuf is allocated
  enough memory in texk/dvipsk/hps.c
* SECURITY UPDATE: temporary file race condition in dviljk due to use of
  tmpnam()
* SECURITY UPDATE: various buffer overflows in dviljk due to not checking
  memory boundaries
* debian/patches/SECURITY_CVE-2007-5936+5937.patch: use mkdtemp() if
  available in dvi2xx.c. Replace calls to strcpy() and do proper bounds
  checking in dvi2xx.*.
* References
  CVE-2007-5935
  CVE-2007-5936
  CVE-2007-5937

Author: Martin Pitt
Revision Date: 2006-05-29 15:02:01 UTC

No-change upload to build against the current poppler library (which
changed API a bit due to the last bug fix). Closes: LP#42075

Author: Kees Cook
Revision Date: 2007-01-24 16:51:28 UTC

* SECURITY UPDATE: Endless loop in embedded xpdf code.
* Add debian/patches/patch-CVE-2007-0104: upstream fixes from koffice.
* References
  CVE-2007-0104

Author: Matthias Klose
Revision Date: 2005-05-23 19:09:02 UTC

Just use g++-3.4 on ia64.

Author: Martin Pitt
Revision Date: 2006-04-12 09:11:58 UTC

* SECURITY UPDATE: Multiple integer/buffer overflows in embedded xpdf code.
* Add debian/patches/patch-CVE-2006-1244:
   - xpdf/JBIG2Stream.cc, xpdf/Stream.h: Fix various integer overflows.
   - Upstream patch from Derek Noonburg.
 * CVE-2006-1244

Author: Frank Küster
Revision Date: 2004-12-23 16:31:38 UTC

* SECURITY UPDATE:
  - Added debian/patches/patch-CAN-2004-1125 to fix a buffer overflow in
    PDF reading code that was taken from xpdf (closes: #286984). Thanks to
    Martin Pitt <martin.pitt@canonical.com>, see
    http://www.idefense.com/application/poi/display?id=172 [frank]
  - Fixed insecure tempfile creation, thanks to Javier
    Fernández-Sanguino Peña <jfs@computer.org> (closes: #286370) [frank]
* Fixed clean target, again providing clean sources [frank]
* Added Suggests: rubber; together with lacheck this (closes: #196987)
  [frank]

Author: Martin Pitt
Revision Date: 2006-04-12 09:14:57 UTC

* SECURITY UPDATE: Multiple integer/buffer overflows in embedded xpdf code.
* Add debian/patches/patch-CVE-2006-1244:
   - xpdf/JBIG2Stream.cc, xpdf/Stream.h: Fix various integer overflows.
   - Upstream patch from Derek Noonburg.
 * CVE-2006-1244

Author: Frank Küster
Revision Date: 2004-09-02 17:05:49 UTC

* Closes a couple of important bugs in maintainer scripts, and should
  really get into sarge , therefore urgency=high.
* Make sure that the correct language.dat is generated for the common
  formats, provide a smooth upgrade path from woody, and correct the
  regexp for fixing a buggy language.dat, thanks to Hilmar and Florent
  (closes: #269172, #267886). [frank]
* Also provide a smooth upgrade path to the use of update-updmap and
  update-fmtutil, thanks to Pierre Machard <pmachard@debian.org> and
  Juhapekka Tolvanen <juhtolv@iki.fi> (closes: #268957, #267734).
  [frank]
* Use correct Conflicts: and Provides: lines for dvipdfm, texdoctk, and
  some pre-woody packages that we completely replace, thanks to Bill
  Allombert <ballombe@debian.org> (closes: #269235). [frank]
* Don't handle /var/cache/fonts in postrm, this is now in tetex-base
  [frank]
* For the fix of #267664 in the last upload, a thank you also goes to
  Hilmar, once more.
* Polished the wording of the english debconf questions, thanks to Gee
  Law <boo@scaryduck.me.uk> (closes: #268764) [frank]