lp:ubuntu/intrepid-security/poppler

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/intrepid-security/poppler

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

57. By Marc Deslauriers

* SECURITY UPDATE: segfault in Okular with security update (LP: #457985)
  - debian/patches/65_security_CVE-2009-3605.patch: update patch to use
    gmallocn_checkoverflow in splash/SplashFTFont.cc, as bitmap->h can
    be 0 and this was causing a regression with Okular.
  - CVE-2009-3605

56. By Marc Deslauriers

* SECURITY UPDATE: denial of service or arbitrary code execution via
  unsafe malloc usage
  - debian/patches/65_security_CVE-2009-3605.patch: introduce gmallocn3
    in goo/gmem.{cc,h} and replace malloc calls with safe versions in
    glib/poppler-page.cc, poppler/{ArthurOutputDev,CairoOutputDev,
    GfxState,JBIG2Stream,PSOutputDev,SplashOutputDev}.cc,
    splash/{SplashBitmap,Splash,SplashFTFont}.cc.
  - CVE-2009-3605
* SECURITY UPDATE: denial of service via invalid Form Opt entry
  (LP: #321764)
  - debian/patches/66_security_CVE-2009-0755.patch: handle invalid Opt
    entry gracefully in poppler/Form.cc.
  - CVE-2009-0755
* SECURITY UPDATE: denial of service or arbitrary code execution via
  overflow in rowSize computation
  - debian/patches/67_security_CVE-2009-360x.patch: make sure width value
    is sane in splash/SplashBitmap.cc.
  - CVE-2009-3603
* SECURITY UPDATE: denial of service or arbitrary code execution via
  overflow in pixel buffer size calculation
  - debian/patches/67_security_CVE-2009-360x.patch: make sure yp value
    is sane in splash/Splash.cc, splash/SplashErrorCodes.h.
  - CVE-2009-3604
* SECURITY UPDATE: denial of service or arbitrary code execution via
  overflow in object stream handling
  - debian/patches/67_security_CVE-2009-360x.patch: limit number of
    nObjects in poppler/XRef.cc.
  - CVE-2009-3608
* SECURITY UPDATE: denial of service or arbitrary code execution via
  integer overflow in ImageStream::ImageStream
  - debian/patches/67_security_CVE-2009-360x.patch: check size of width
    and nComps in poppler/Stream.cc.
  - CVE-2009-3609
* SECURITY UPDATE: denial of service or arbitrary code execution via
  overflow in create_surface_from_thumbnail_data
  - debian/patches/68_security_CVE-2009-3607.patch: eliminate g_malloc in
    glib/poppler-page.cc.
  - CVE-2009-3607

55. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution from
  multiple integer overflows, buffer overflows, and other issues with
  JBIG2 decoding.
  - debian/patches/64_security_jbig2.patch: prevent integer overflow in
    poppler/CairoOutputDev.cc and splash/SplashBitmap.cc, add overflow
    checking, improve error handling, and fix other issues in
    poppler/JBIG2Stream.*.
  - CVE-2009-0146
  - CVE-2009-0147
  - CVE-2009-0166
  - CVE-2009-0799
  - CVE-2009-0800
  - CVE-2009-1179
  - CVE-2009-1180
  - CVE-2009-1181
  - CVE-2009-1182
  - CVE-2009-1183

54. By Loïc Minier

* Bump up Standards-Version to 3.8.0.
* New patch, 61_manpages-hyphens, fixes escaping of hyphens in man pages;
  FreeDesktop #17225.
* New patch, 62_pdftops-mandatory-arg, fixes synopsis of pdftops in man page
  to clarify that a PDF file is required in all cases; FreeDesktop #17226;
  closes: #491816.
* Build-dep on cdbs (>= 0.4.52) and add a lintian override with rationale
  for the following lintian warning:
  W: poppler-dbg: dbg-package-missing-depends poppler
* Add xrefs and CVE for #489756 in 0.8.5-1 as I didn't merge the 0.8.4-1.1
  NMU.
* New upstream release; no API change, bug fixes.

53. By Loïc Minier

* Fix /usr/share/gtk-doc/html/poppler symlink to point at
  /usr/share/doc/libpoppler-glib-dev/html/poppler instead of
  /usr/share/doc/libpoppler-glib-dev/html; LP: #226677.
* New upstream stable release; bug fixes, no API change.
* New patch, 60_manpages-cfg-flag, drop unimplemented -cfg flag from man
  pages; FreeDesktop #17222; closes: #461961.
* Rename patch 001_jpxstream_int_crash to 10_jpxstream_int_crash as we don't
  have that many patches; also add upstream bug id (FreeDesktop #5667) and
  refresh to apply cleanly.
* Build-dep on pkg-config >= 0.18 to make sure -lpoppler is only in
  poppler-qt's Libs.private (it already is though); closes: #360595.

52. By Loïc Minier

New upstream release; no API changes, misc fixes.

51. By Nico Golde

* Non-maintainer upload by the Security Team.
* Fix missing pageWidgets object initialization that could lead to arbitrary
  code execution by a crafted PDF file when the Page destructor deletes
  the object which has not been initialized before
  (CVE-2008-2950.patch; Closes: #489756).

50. By Loïc Minier

* New upstream release; no API change.
  - Fixes crash when reloading PDFs; GNOME #536482; closes: 484160.

49. By Josselin Mouette

* New upstream release. Closes: #487214.
  + Fix crasher with some PDF files. Closes: #484224.

48. By Loïc Minier

* Upload to unstable.
* Set myself as Maintainer instead of Uploader, taking over from Ondřej Surý
  but I wish we move to an official team; closes: #481323.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/poppler
This branch contains Public information 