lp:ubuntu/intrepid-security/poppler
- Get this branch:
- bzr branch lp:ubuntu/intrepid-security/poppler
Recent revisions
- 57. By Marc Deslauriers
-
* SECURITY UPDATE: segfault in Okular with security update (LP: #457985)
- debian/patches/65_security_CVE-2009-3605.patch: update patch to use
gmallocn_checkoverflow in splash/SplashFTFont.cc, as bitmap->h can
be 0 and this was causing a regression with Okular.
- CVE-2009-3605
- 56. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service or arbitrary code execution via
unsafe malloc usage
- debian/patches/65_security_CVE-2009-3605.patch: introduce gmallocn3
in goo/gmem.{cc,h} and replace malloc calls with safe versions in
glib/poppler-page.cc, poppler/{ArthurOutputDev,CairoOutputDev,
GfxState,JBIG2Stream,PSOutputDev,SplashOutputDev}.cc,
splash/{SplashBitmap,Splash,SplashFTFont}.cc.
- CVE-2009-3605
* SECURITY UPDATE: denial of service via invalid Form Opt entry
(LP: #321764)
- debian/patches/66_security_CVE-2009-0755.patch: handle invalid Opt
entry gracefully in poppler/Form.cc.
- CVE-2009-0755
* SECURITY UPDATE: denial of service or arbitrary code execution via
overflow in rowSize computation
- debian/patches/67_security_CVE-2009-360x.patch: make sure width value
is sane in splash/SplashBitmap.cc.
- CVE-2009-3603
* SECURITY UPDATE: denial of service or arbitrary code execution via
overflow in pixel buffer size calculation
- debian/patches/67_security_CVE-2009-360x.patch: make sure yp value
is sane in splash/Splash.cc, splash/SplashErrorCodes.h.
- CVE-2009-3604
* SECURITY UPDATE: denial of service or arbitrary code execution via
overflow in object stream handling
- debian/patches/67_security_CVE-2009-360x.patch: limit number of
nObjects in poppler/XRef.cc.
- CVE-2009-3608
* SECURITY UPDATE: denial of service or arbitrary code execution via
integer overflow in ImageStream::ImageStream
- debian/patches/67_security_CVE-2009-360x.patch: check size of width
and nComps in poppler/Stream.cc.
- CVE-2009-3609
* SECURITY UPDATE: denial of service or arbitrary code execution via
overflow in create_surface_from_thumbnail_data
- debian/patches/68_security_CVE-2009-3607.patch: eliminate g_malloc in
glib/poppler-page.cc.
- CVE-2009-3607
- 55. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution from
multiple integer overflows, buffer overflows, and other issues with
JBIG2 decoding.
- debian/patches/64_security_jbig2.patch: prevent integer overflow in
poppler/CairoOutputDev.cc and splash/SplashBitmap.cc, add overflow
checking, improve error handling, and fix other issues in
poppler/JBIG2Stream.*.
- CVE-2009-0146
- CVE-2009-0147
- CVE-2009-0166
- CVE-2009-0799
- CVE-2009-0800
- CVE-2009-1179
- CVE-2009-1180
- CVE-2009-1181
- CVE-2009-1182
- CVE-2009-1183
- 54. By Loïc Minier
-
* Bump up Standards-Version to 3.8.0.
* New patch, 61_manpages-hyphens, fixes escaping of hyphens in man pages;
FreeDesktop #17225.
* New patch, 62_pdftops-mandatory-arg, fixes synopsis of pdftops in man page
to clarify that a PDF file is required in all cases; FreeDesktop #17226;
closes: #491816.
* Build-dep on cdbs (>= 0.4.52) and add a lintian override with rationale
for the following lintian warning:
W: poppler-dbg: dbg-package-missing-depends poppler
* Add xrefs and CVE for #489756 in 0.8.5-1 as I didn't merge the 0.8.4-1.1
NMU.
* New upstream release; no API change, bug fixes.
- 53. By Loïc Minier
-
* Fix /usr/share/gtk-doc/html/poppler symlink to point at
/usr/share/doc/libpoppler-glib-dev/html/poppler instead of
/usr/share/doc/libpoppler-glib-dev/html; LP: #226677.
* New upstream stable release; bug fixes, no API change.
* New patch, 60_manpages-cfg-flag, drop unimplemented -cfg flag from man
pages; FreeDesktop #17222; closes: #461961.
* Rename patch 001_jpxstream_int_crash to 10_jpxstream_int_crash as we don't
have that many patches; also add upstream bug id (FreeDesktop #5667) and
refresh to apply cleanly.
* Build-dep on pkg-config >= 0.18 to make sure -lpoppler is only in
poppler-qt's Libs.private (it already is though); closes: #360595.
- 51. By Nico Golde <email address hidden>
-
* Non-maintainer upload by the Security Team.
* Fix missing pageWidgets object initialization that could lead to arbitrary
code execution by a crafted PDF file when the Page destructor deletes
the object which has not been initialized before
(CVE-2008-2950.patch; Closes: #489756).
- 50. By Loïc Minier
-
* New upstream release; no API change.
- Fixes crash when reloading PDFs; GNOME #536482; closes: 484160.
- 49. By Josselin Mouette <email address hidden>
-
* New upstream release. Closes: #487214.
+ Fix crasher with some PDF files. Closes: #484224.
- 48. By Loïc Minier
-
* Upload to unstable.
* Set myself as Maintainer instead of Uploader, taking over from Ondřej Surý
but I wish we move to an official team; closes: #481323.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/poppler