lp:debian/lenny/xpdf

Created by James Westby and last modified
Get this branch:
bzr branch lp:debian/lenny/xpdf

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

11. By Michael Gilbert

Fix cve-2011-2902: insecure tempfile usage in zxpdf. (closes: #635849)
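
CVE-2011-2902 is a temporary-file race rather than memory corruption: a scratch file created under a predictable name in a shared directory can be pre-empted by a symlink the attacker plants, so the write lands in whatever the link points at. The block below is an added example, not zxpdf's code and not the Debian fix. It reproduces the pattern in C with hypothetical function names and a made-up naming scheme (zxpdf.<pid>), demonstrates the hijack end to end inside a private scratch directory, and then shows the mkstemp form that fails closed when something is already sitting at the chosen name.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Insecure pattern (illustrative, not zxpdf's actual code): a guessable name
 * in a shared directory, opened with O_CREAT but without O_EXCL. If an attacker
 * has already planted a symlink at that name, open() follows it and the
 * "scratch" write lands in the link's target. */
int insecure_tmp_open(const char *dir, char *path, size_t len)
{
    if (snprintf(path, len, "%s/zxpdf.%ld", dir, (long)getpid()) >= (int)len)
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened form: mkstemp() fills the XXXXXX with a random suffix and creates
 * the file with O_CREAT|O_EXCL and mode 0600, so anything already at the
 * chosen name (file or symlink) makes the call fail instead of being followed. */
int secure_tmp_open(const char *dir, char *path, size_t len)
{
    if (snprintf(path, len, "%s/zxpdf.XXXXXX", dir) >= (int)len)
        return -1;
    return mkstemp(path);
}

/* Self-contained demonstration in a private scratch directory: plant a symlink
 * at the predictable name pointing at a "victim" file, then run both openers.
 * Returns a bitmask: bit 0 set if the insecure open truncated the victim
 * through the symlink, bit 1 set if the secure open produced a fresh private
 * regular file; -1 if the scratch directory could not be set up. */
int tmpfile_demo(void)
{
    const char *base = getenv("TMPDIR");
    if (base == NULL || *base == '\0')
        base = "/tmp";

    char dir[256], victim[320], link[320], path[320];
    struct stat st;
    int result = 0, fd;

    if (snprintf(dir, sizeof dir, "%s/tmpdemo.XXXXXX", base) >= (int)sizeof dir)
        return -1;
    if (mkdtemp(dir) == NULL)
        return -1;

    /* Constructed victim file: content the attacker wants destroyed. */
    snprintf(victim, sizeof victim, "%s/victim", dir);
    FILE *vf = fopen(victim, "w");
    if (vf == NULL) { rmdir(dir); return -1; }
    fputs("important data\n", vf);
    fclose(vf);

    /* Attacker step: the name is predictable, so plant a symlink there first. */
    snprintf(link, sizeof link, "%s/zxpdf.%ld", dir, (long)getpid());
    if (symlink(victim, link) != 0) { unlink(victim); rmdir(dir); return -1; }

    fd = insecure_tmp_open(dir, path, sizeof path);
    if (fd >= 0) {
        /* O_TRUNC was applied to the symlink's target, not to a new file. */
        if (stat(victim, &st) == 0 && st.st_size == 0)
            result |= 1;
        close(fd);
    }

    fd = secure_tmp_open(dir, path, sizeof path);
    if (fd >= 0) {
        /* lstat: the path itself must be a regular file, private to the owner,
         * and not the name the attacker pre-planted. */
        if (lstat(path, &st) == 0 && S_ISREG(st.st_mode) &&
            (st.st_mode & 077) == 0 && strcmp(path, link) != 0)
            result |= 2;
        close(fd);
        unlink(path);
    }

    unlink(link);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = tmpfile_demo();
    printf("insecure open hijacked via symlink: %s\n", (r & 1) ? "yes" : "no");
    printf("mkstemp gave a private fresh file:  %s\n", (r & 2) ? "yes" : "no");
    return r == 3 ? 0 : 1;
}
```

The demo runs in a directory mkdtemp created with mode 0700, so the kernel's protected_symlinks sysctl (which only applies in sticky world-writable directories such as /tmp) does not mask the behaviour. In a real wrapper the equivalent of secure_tmp_open is mktemp(1) in shell, and the file should be removed on every exit path, including signals.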

10. By Michael Gilbert

* Non-maintainer upload by the security team.
* Fix cve-2010-3702: uninitialized pointer in Gfx.cc.
* Fix cve-2010-3704: integer underflow in fofi/FoFiType1.cc.

9. By Luciano Bello

* Non-maintainer upload by the Security Team.
* Fixes multiple security issues (Closes: #551287):
  - CVE-2009-1188 and CVE-2009-3603:
    Integer overflow in SplashBitmap::SplashBitmap which might allow remote
    attackers to execute arbitrary code or an application crash via a crafted
    PDF document.
  - CVE-2009-3604:
    NULL pointer dereference or heap-based buffer overflow in
    Splash::drawImage which might allow remote attackers to cause a denial of
    service (application crash) or possibly execute arbitrary code via a
    crafted PDF document.
  - CVE-2009-3606:
    Integer overflow in the PSOutputDev::doImageL1Sep which might allow
    remote attackers to execute arbitrary code via a crafted PDF document.
  - CVE-2009-3608:
    Integer overflow in the ObjectStream::ObjectStream which might allow
    remote attackers to execute arbitrary code via a crafted PDF document.
  - CVE-2009-3609:
    Integer overflow in the ImageStream::ImageStream which might allow
    remote attackers to cause a denial of service via a crafted PDF
    document.
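
The integer overflows listed above (SplashBitmap::SplashBitmap, ObjectStream::ObjectStream, ImageStream::ImageStream and PSOutputDev::doImageL1Sep) share one shape: a byte count derived from dimensions the PDF controls is multiplied in int arithmetic, the wrapped result is handed to the allocator, and the decoder then writes the full unwrapped amount into a buffer that is far too small. The block below is an added example, not xpdf's code and not the Debian patch. It puts a constructed version of the unchecked computation beside an overflow-checked one; the function names, the row padding parameter (standing in for the bitmap's row alignment) and the 65536 x 65536 sample dimensions are assumptions for illustration, and the checked form generalises to any product of untrusted dimensions, not just the bitmap case.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* How the vulnerable code computed the buffer size: width * ncomp * height in
 * 32-bit arithmetic with no range check. Computed here in uint32_t so the
 * wrap-around is well defined; a crafted 65536 x 65536 image comes out as 0,
 * so the allocation succeeds and every row write lands out of bounds. */
uint32_t unchecked_bitmap_size_u32(uint32_t width, uint32_t height, uint32_t ncomp)
{
    uint32_t row_size = width * ncomp;   /* wraps silently */
    return row_size * height;            /* wraps again */
}

/* Hardened size computation: dimensions must be positive, rows are padded up
 * to a multiple of row_pad bytes, and every multiply (and the padding add) is
 * guarded against INT_MAX before it happens. Returns the byte count, or 0 if
 * any input is invalid or any intermediate would overflow. */
size_t checked_bitmap_size(int width, int height, int ncomp, int row_pad)
{
    if (width <= 0 || height <= 0 || ncomp <= 0 || row_pad <= 0)
        return 0;
    if (width > INT_MAX / ncomp)             /* width * ncomp would overflow */
        return 0;
    int row_size = width * ncomp;
    if (row_size > INT_MAX - (row_pad - 1))  /* padding step would overflow */
        return 0;
    row_size = (row_size + row_pad - 1) / row_pad * row_pad;
    if (row_size > INT_MAX / height)         /* row_size * height would overflow */
        return 0;
    return (size_t)row_size * (size_t)height;
}

/* Allocate a zeroed bitmap, or return NULL on invalid dimensions or allocation
 * failure, so the caller is forced onto an error path instead of writing past
 * a short buffer. *size_out receives the size actually allocated, which is the
 * bound every later row write must be checked against. */
unsigned char *alloc_bitmap(int width, int height, int ncomp, int row_pad, size_t *size_out)
{
    size_t n = checked_bitmap_size(width, height, ncomp, row_pad);
    if (n == 0)
        return NULL;
    unsigned char *buf = calloc(n, 1);       /* one element of n bytes: no second multiply */
    if (buf != NULL && size_out != NULL)
        *size_out = n;
    return buf;
}

int main(void)
{
    printf("unchecked 65536x65536x1      -> %u bytes (wrapped)\n",
           unchecked_bitmap_size_u32(65536, 65536, 1));
    printf("checked   65536x65536x1      -> %zu (0 = rejected)\n",
           checked_bitmap_size(65536, 65536, 1, 1));
    printf("checked   101x10x3, pad 4    -> %zu bytes\n",
           checked_bitmap_size(101, 10, 3, 4));
    return 0;
}
```

The a > LIMIT / b guard before a * b is the portable form; with GCC or Clang, __builtin_mul_overflow does the same in one call and also works for size_t. Checking the size is only half of the fix: the code that fills the rows must be bounded by the size that was actually allocated, which is why alloc_bitmap reports it back.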

8. By Giuseppe Iuculano

* Non-maintainer upload.
* This update fixes various security issues (Closes: #524809):
  - CVE-2009-0146: Multiple buffer overflows in the JBIG2 decoder in Xpdf
    3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
    remote attackers to cause a denial of service (crash) via a crafted PDF
    file, related to (1) JBIG2SymbolDict::setBitmap and (2)
    JBIG2Stream::readSymbolDictSeg.
  - CVE-2009-0147: Multiple integer overflows in the JBIG2 decoder in Xpdf
    3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
    remote attackers to cause a denial of service (crash) via a crafted PDF
    file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
    JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
  - CVE-2009-0165: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
    earlier, as used in Poppler and other products, when running on Mac OS X,
    has unspecified impact, related to "g*allocn."
  - CVE-2009-0166: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, and other products allows remote attackers to cause a denial
    of service (crash) via a crafted PDF file that triggers a free of
    uninitialized memory.
  - CVE-2009-0799: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to cause a denial of service (crash) via a crafted PDF file
    that triggers an out-of-bounds read.
  - CVE-2009-0800: Multiple "input validation flaws" in the JBIG2 decoder in
    Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,
    and other products allow remote attackers to execute arbitrary code via
    a crafted PDF file.
  - CVE-2009-1179: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
    earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
    allows remote attackers to execute arbitrary code via a crafted PDF file.
  - CVE-2009-1180: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to execute arbitrary code via a crafted PDF file that triggers
    a free of invalid data.
  - CVE-2009-1181: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to cause a denial of service (crash) via a crafted PDF file that
    triggers a NULL pointer dereference.
  - CVE-2009-1182: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf
    3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
    other products allow remote attackers to execute arbitrary code via a
    crafted PDF file.
  - CVE-2009-1183: The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS
    1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to cause a denial of service (infinite loop and hang) via a
    crafted PDF file.

7. By Bernhard R. Link <email address hidden>

* Non-maintainer upload.
* apply patch from Jiri Palecek
  against a segfault in image handling (Closes: 462544)
* apply patch from Arno Renevier against a segfault when pressing Ctrl-W
  in full-screen mode (Closes: 437725)
* apply patch from Stefan Beyer against a segfault when pressing 'g'
  in full-screen mode (Closes: 479467)
* fix ps encoding error on 64-bit architectures (Closes: 444648, 482029)

6. By Hamish Moffatt

* Add patch 05_freetype-2.2.dpatch: make splash/SplashFTFont.cc
  compatible with FreeType 2.2 (ie don't use FreeType internals
  directly any more). Fixes unreported FTBFS.
* Enable additional compile-time options: --enable-opi,
  --enable-multithreaded, --enable-wordlist

5. By StefanPotyra

Fakesync newer debian version.

4. By Daniel T Chen

Resynchronise with Debian.

3. By Daniel T Chen

debian/control: Adjust Build-Depends -> lesstif-dev since
lesstif2-dev no longer exists. (This makes r-base buildable, which
makes rpy buildable, allowing the Great Merge Wheel to continue.)

2. By Hamish Moffatt

* SECURITY UPDATE: fix several potential buffer overflows:
  DCTStream Baseline Heap Overflow, DCTStream Progressive Heap Overflow,
  StreamPredictor Heap Overflow, JPX Stream Reader Heap Overflow
  (closes: #322462) (21_security.dpatch)
* References: CAN-2005-3193

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:debian/squeeze/xpdf