lp:ubuntu/jaunty-security/poppler
- Get this branch:
- bzr branch lp:ubuntu/jaunty-security/poppler
Recent revisions
- 64. By Marc Deslauriers
  * SECURITY UPDATE: possible arbitrary code execution via malformed PDF
    - debian/patches/33_security_CVE-2010-3702.patch: properly initialize
      parser in poppler/Gfx.cc.
    - CVE-2010-3702
  * SECURITY UPDATE: possible arbitrary code execution via malformed PDF
    - debian/patches/34_security_CVE-2010-3704.patch: make sure code isn't
      < 0 in fofi/FoFiType1.cc.
    - CVE-2010-3704
- 63. By Marc Deslauriers
  * SECURITY UPDATE: segfault in Okular with security update (LP: #457985)
    - debian/patches/30_security_CVE-2009-3605.patch: update patch to use
      gmallocn_checkoverflow in splash/SplashFTFont.cc, as bitmap->h can
      be 0 and this was causing a regression with Okular.
    - CVE-2009-3605
- 62. By Marc Deslauriers
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    unsafe malloc usage
    - debian/patches/30_security_CVE-2009-3605.patch: introduce gmallocn3
      in goo/gmem.{cc,h} and replace malloc calls with safe versions in
      glib/poppler-page.cc, poppler/{ArthurOutputDev,CairoOutputDev,
      GfxState,JBIG2Stream,PSOutputDev,SplashOutputDev}.cc,
      splash/{SplashBitmap,Splash,SplashFTFont}.cc.
    - CVE-2009-3605
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in rowSize computation
    - debian/patches/31_security_CVE-2009-360x.patch: make sure width value
      is sane in splash/SplashBitmap.cc.
    - CVE-2009-3603
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in pixel buffer size calculation
    - debian/patches/31_security_CVE-2009-360x.patch: make sure yp value
      is sane in splash/Splash.cc, splash/SplashErrorCodes.h.
    - CVE-2009-3604
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in object stream handling
    - debian/patches/31_security_CVE-2009-360x.patch: limit number of
      nObjects in poppler/XRef.cc.
    - CVE-2009-3608
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    integer overflow in ImageStream::ImageStream
    - debian/patches/31_security_CVE-2009-360x.patch: check size of width
      and nComps in poppler/Stream.cc.
    - CVE-2009-3609
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    overflow in create_surface_from_thumbnail_data
    - debian/patches/32_security_CVE-2009-3607.patch: eliminate g_malloc in
      glib/poppler-page.cc.
    - CVE-2009-3607
- 61. By Marc Deslauriers
  * SECURITY UPDATE: denial of service and possible code execution from
    multiple integer overflows, buffer overflows, and other issues with
    JBIG2 decoding. (LP: #361875)
    - debian/patches/11_security_jbig2.patch: prevent integer overflow in
      poppler/CairoOutputDev.cc and splash/SplashBitmap.cc, add overflow
      checking, improve error handling, and fix other issues in
      poppler/JBIG2Stream.*.
    - CVE-2009-0146
    - CVE-2009-0147
    - CVE-2009-0166
    - CVE-2009-0799
    - CVE-2009-0800
    - CVE-2009-1179
    - CVE-2009-1180
    - CVE-2009-1181
    - CVE-2009-1182
    - CVE-2009-1183
    - CVE-2009-1187
    - CVE-2009-1188
- 60. By Sebastien Bacher
  * New version sync on debian
  * debian/control, debian/rules:
    - don't use openjpeg it's in universe
- 59. By Steve Langasek
  Disable openjpeg on all archs for Ubuntu, this lib is in universe
  and isn't needed.
- 58. By Josselin Mouette
  Don’t require openjpeg on alpha, since it doesn’t build there.
- 56. By Sebastien Bacher
  * New upstream version
  * debian/patches/60_manpages-cfg-flag.patch:
    - the change is in the new version
  * debian/patches/61_manpages-hyphens.patch:
    - the change is in the new version
  * debian/patches/62_pdftops-mandatory-arg.patch:
    - the change is in the new version
  * debian/patches/63_do-not-make-ps-arrays-bigger-than-64k-from-big-images-in-patterns.patch:
    - the change is in the new version
  * Updated for the libpoppler and libpoppler-glib soname changes
- 55. By Till Kamppeter
  debian/patches/63_do-not-make-ps-arrays-bigger-than-64k-from-big-images-in-patterns.patch:
  pdftops produced wrong PostScript when a large image is in a pattern in
  the input file (LP: #311982, Upstream bugs #18908 and #19368).
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/lucid/poppler