lp:ubuntu/dapper-security/poppler

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/dapper-security/poppler

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

24. By Marc Deslauriers

* SECURITY UPDATE: possible arbitrary code execution via malformed PDF
  - debian/patches/106_security_CVE-2010-3702.patch: properly initialize
    parser in poppler/Gfx.cc.
  - CVE-2010-3702
* SECURITY UPDATE: possible arbitrary code execution via malformed PDF
  - debian/patches/107_security_CVE-2010-3704.patch: make sure code isn't
    < 0 in fofi/FoFiType1.cc.
  - CVE-2010-3704

23. By Marc Deslauriers

* SECURITY UPDATE: regression in poppler security update (LP: #457985)
  - debian/patches/104_security_CVE-2009-3605.patch: update patch to
    introduce gmallocn_checkoverflow in goo/gmem.{c,h} and use it in
    splash/SplashFTFont.cc, as bitmap->h can be 0 and this could cause a
    regression with certain applications.
  - CVE-2009-3605

22. By Marc Deslauriers

* SECURITY UPDATE: unsafe malloc usage
  - debian/patches/104_security_CVE-2009-3605.patch: introduce gmallocn3
    and add additional allocation size checks in goo/gmem.{c,h}, replace
    malloc calls with safe versions in glib/poppler-page.cc,
    poppler/{ArthurOutputDev,CairoOutputDev,GfxState,JBIG2Stream,
    PSOutputDev,SplashOutputDev}.cc, splash/{Splash,SplashFTFont}.cc.
  - CVE-2009-3605
* SECURITY UPDATE: denial of service or arbitrary code execution via
  overflow in rowSize computation
  - debian/patches/105_security_CVE-2009-360x.patch: make sure width
    value is sane in splash/SplashBitmap.cc.
  - CVE-2009-3603
* SECURITY UPDATE: denial of service or arbitrary code execution via
  overflow in pixel buffer size calculation
  - debian/patches/105_security_CVE-2009-360x.patch: make sure yp value
    is sane in splash/Splash.cc, splash/SplashErrorCodes.h.
  - CVE-2009-3604
* SECURITY UPDATE: denial of service or arbitrary code execution via
  overflow in object stream handling
  - debian/patches/105_security_CVE-2009-360x.patch: limit number of
    nObjects in poppler/XRef.cc.
  - CVE-2009-3608
* SECURITY UPDATE: denial of service or arbitrary code execution via
  integer overflow in ImageStream::ImageStream
  - debian/patches/105_security_CVE-2009-360x.patch: check size of width
    and nComps in poppler/Stream.cc.
  - CVE-2009-3609

21. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution from
  multiple integer overflows, buffer overflows, and other issues with
  JBIG2 decoding.
  - debian/patches/103_security_jbig2.patch: prevent integer overflow in
    poppler/CairoOutputDev.cc and splash/SplashBitmap.cc, add overflow
    checking, improve error handling, and fix other issues in
    poppler/JBIG2Stream.*.
  - CVE-2009-0146
  - CVE-2009-0147
  - CVE-2009-0166
  - CVE-2009-0799
  - CVE-2009-0800
  - CVE-2009-1179
  - CVE-2009-1180
  - CVE-2009-1181
  - CVE-2009-1182
  - CVE-2009-1183

20. By Kees Cook

* SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
* debian/patches/102_embedded-font-fixes.patch: upstream fix and stronger
  type-checking added.
* References
  CVE-2008-1693

19. By Jamie Strandboge

* SECURITY UPDATE: out of bounds array access causes memory corruption via
  a crafted PDF file
* fix for DCTStream::readScanInfo() in Stream.cc to properly check
  boundaries
* SECURITY UPDATE: integer overflow resulting in heap-based overflow and
  potential arbitrary code execution via crafted PDF file
* fix for DCTStream::reset() in Stream.cc to properly check width and height
* SECURITY UPDATE: boundary error in lookChar() resulting in heap-based
  overflow and potential arbitrary code execution via crafted PDF file
* fixes for CCITTFaxStream::CCITTFaxStream and CCITTFaxStream::lookChar() in
  Stream.cc to properly check boundary conditions. This also includes
  upstream refactoring for easier maintenance.
* References
  CVE-2007-4352
  CVE-2007-5392
  CVE-2007-5393

18. By Kees Cook

* SECURITY UPDATE: arbitrary code execution via crafted PDFs
* Add debian/patches/100_streampredictor_overflow.patch: upstream fixes.
* References
  CVE-2007-3387

17. By Martin Pitt

* SECURITY UPDATE: Denial of Service.
* Add debian/patches/004_CVE-2007-0104.patch:
  - Limit recursion depth of the parsing tree to 100 to avoid infinite loop
    with crafted documents.
  - Patch taken from koffice security update (which has a copy of xpdf
    sources).

16. By Martin Pitt

Add debian/patches/003_refcount.patch: Fix reference counting. Thanks to
Gary Coady for the patch! Closes: LP#24970

15. By Martin Pitt

Install poppler-page-transition into libpoppler-qt-dev (not
libpoppler-dev), since it comes from the Qt bindings. Closes: LP#32179

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/lucid/poppler