Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-security/poppler
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

53. By Marc Deslauriers

* SECURITY UPDATE: invalid memory access issues
  - debian/patches/110_security_CVE-2013-1788.patch: add checks in
    poppler/Function.cc, poppler/Stream.cc, splash/Splash.cc.
  - CVE-2013-1788
* SECURITY UPDATE: uninitialized memory read
  - debian/patches/111_security_CVE-2013-1790.patch: properly handle
    refLine in poppler/Stream.cc.
  - CVE-2013-1790

52. By Marc Deslauriers

* SECURITY UPDATE: possible arbitrary code execution via malformed PDF
  - debian/patches/108_security_CVE-2010-3702.patch: properly initialize
    parser in poppler/Gfx.cc.
  - CVE-2010-3702
* SECURITY UPDATE: possible arbitrary code execution via malformed PDF
  - debian/patches/109_security_CVE-2010-3704.patch: make sure code isn't
    < 0 in fofi/FoFiType1.cc.
  - CVE-2010-3704

51. By Marc Deslauriers

* SECURITY UPDATE: regression in poppler security update (LP: #457985)
  - debian/patches/105_security_CVE-2009-3605.patch: update patch to use
    gmallocn_checkoverflow in splash/SplashFTFont.cc, as bitmap->h can
    be 0 and this could cause a regression with certain applications.
  - CVE-2009-3605

50. By Marc Deslauriers

* SECURITY UPDATE: denial of service or arbitrary code execution via
  unsafe malloc usage
  - debian/patches/105_security_CVE-2009-3605.patch: introduce gmallocn3
    in goo/gmem.{cc,h} and replace malloc calls with safe versions in
    glib/poppler-page.cc, poppler/{ArthurOutputDev,CairoOutputDev,
  - CVE-2009-3605
* SECURITY UPDATE: denial of service via invalid Form Opt entry
  (LP: #321764)
  - debian/patches/106_security_CVE-2009-0755.patch: handle invalid Opt
    entry gracefully in poppler/Form.cc.
  - CVE-2009-0755
* SECURITY UPDATE: denial of service or arbitrary code execution via
  overflow in rowSize computation
  - debian/patches/107_security_CVE-2009-360x.patch: make sure width
    value is sane in splash/SplashBitmap.cc.
  - CVE-2009-3603
* SECURITY UPDATE: denial of service or arbitrary code execution via
  overflow in pixel buffer size calculation
  - debian/patches/107_security_CVE-2009-360x.patch: make sure yp value
    is sane in splash/Splash.cc, splash/SplashErrorCodes.h.
  - CVE-2009-3604
* SECURITY UPDATE: denial of service or arbitrary code execution via
  overflow in object stream handling
  - debian/patches/107_security_CVE-2009-360x.patch: limit number of
    nObjects in poppler/XRef.cc.
  - CVE-2009-3608
* SECURITY UPDATE: denial of service or arbitrary code execution via
  integer overflow in ImageStream::ImageStream
  - debian/patches/107_security_CVE-2009-360x.patch: check size of width
    and nComps in poppler/Stream.cc.
  - CVE-2009-3609

49. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution from
  multiple integer overflows, buffer overflows, and other issues with
  JBIG2 decoding.
  - debian/patches/104_security_jbig2.patch: prevent integer overflow in
    poppler/CairoOutputDev.cc and splash/SplashBitmap.cc, add overflow
    checking, improve error handling, and fix other issues in
  - CVE-2009-0146
  - CVE-2009-0147
  - CVE-2009-0166
  - CVE-2009-0799
  - CVE-2009-0800
  - CVE-2009-1179
  - CVE-2009-1180
  - CVE-2009-1181
  - CVE-2009-1182
  - CVE-2009-1183

48. By Kees Cook

* SECURITY UPDATE: crash via uninitialized pointer free().
* debian/patches/103_page_initialization.patch: upstream fix.
* References

47. By Kees Cook

* SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
* debian/patches/102_embedded-font-fixes.patch: stronger type-checking.
* References

46. By Loïc Minier

* Add ${shlibs:Depends} to libpoppler-glib-dev, libpoppler-dev,
  libpoppler-qt-dev, libpoppler-qt4-dev.
* Add ${misc:Depends}.
* Cleanups.
* New upstream releases; no API change; bug fixes; closes: #459342.
* Fix copyright information to use version 2 of the GPL (instead of version 2
  or later); thanks Timo Jyrinki for the patch; closes: #453865.
* Urgency medium for RC bug fix.
* List pdftohtml in poppler-utils' description; closes: #464439.
* Drop libpoppler-qt-dev dependency from libpoppler-qt4-dev; thanks
  Pino Toscano; closes: #459922.
* Bump up Standards-Version to 3.7.3.

45. By Sebastien Bacher

* New upstream version
* debian/control:
  - updated maintainer information

44. By Ondřej Surý

* New upstream version. (Closes: #447992)
* Dependency on xpdfrc was removed on 2007-02-25 (Closes: #347789, #440936)
* Changes since 0.6.1:
  - Fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (Closes: #450628)
  - Fix a crash on documents with wrong CCITTFaxStream
  - Fix a crash in the Cairo renderer with invalid embedded fonts
  - Fix a crash with invalid TrueType fonts
  - Check if font is inside the clip area before rendering
    it to a temporary bitmap in the Splash renderer. Fixes crashes on
    incorrect documents
  - Do not use exit(1) on DCTStream errors
  - Detect form fields at any depth level
  - Do not generate appearance stream for radio buttons that are not active

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.