lp:ubuntu/jaunty-security/poppler

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/jaunty-security/poppler

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

64. By Marc Deslauriers

* SECURITY UPDATE: possible arbitrary code execution via malformed PDF
  - debian/patches/33_security_CVE-2010-3702.patch: properly initialize
    parser in poppler/Gfx.cc.
  - CVE-2010-3702
* SECURITY UPDATE: possible arbitrary code execution via malformed PDF
  - debian/patches/34_security_CVE-2010-3704.patch: make sure code isn't
    < 0 in fofi/FoFiType1.cc.
  - CVE-2010-3704

63. By Marc Deslauriers

* SECURITY UPDATE: segfault in Okular with security update (LP: #457985)
  - debian/patches/30_security_CVE-2009-3605.patch: update patch to use
    gmallocn_checkoverflow in splash/SplashFTFont.cc, as bitmap->h can
    be 0 and this was causing a regression with Okular.
  - CVE-2009-3605

62. By Marc Deslauriers

* SECURITY UPDATE: denial of service or arbitrary code execution via
  unsafe malloc usage
  - debian/patches/30_security_CVE-2009-3605.patch: introduce gmallocn3
    in goo/gmem.{cc,h} and replace malloc calls with safe versions in
    glib/poppler-page.cc, poppler/{ArthurOutputDev,CairoOutputDev,
    GfxState,JBIG2Stream,PSOutputDev,SplashOutputDev}.cc,
    splash/{SplashBitmap,Splash,SplashFTFont}.cc.
  - CVE-2009-3605
* SECURITY UPDATE: denial of service or arbitrary code execution via
  overflow in rowSize computation
  - debian/patches/31_security_CVE-2009-360x.patch: make sure width value
    is sane in splash/SplashBitmap.cc.
  - CVE-2009-3603
* SECURITY UPDATE: denial of service or arbitrary code execution via
  overflow in pixel buffer size calculation
  - debian/patches/31_security_CVE-2009-360x.patch: make sure yp value
    is sane in splash/Splash.cc, splash/SplashErrorCodes.h.
  - CVE-2009-3604
* SECURITY UPDATE: denial of service or arbitrary code execution via
  overflow in object stream handling
  - debian/patches/31_security_CVE-2009-360x.patch: limit number of
    nObjects in poppler/XRef.cc.
  - CVE-2009-3608
* SECURITY UPDATE: denial of service or arbitrary code execution via
  integer overflow in ImageStream::ImageStream
  - debian/patches/31_security_CVE-2009-360x.patch: check size of width
    and nComps in poppler/Stream.cc.
  - CVE-2009-3609
* SECURITY UPDATE: denial of service or arbitrary code execution via
  overflow in create_surface_from_thumbnail_data
  - debian/patches/32_security_CVE-2009-3607.patch: eliminate g_malloc in
    glib/poppler-page.cc.
  - CVE-2009-3607

61. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution from
  multiple integer overflows, buffer overflows, and other issues with
  JBIG2 decoding. (LP: #361875)
  - debian/patches/11_security_jbig2.patch: prevent integer overflow in
    poppler/CairoOutputDev.cc and splash/SplashBitmap.cc, add overflow
    checking, improve error handling, and fix other issues in
    poppler/JBIG2Stream.*.
  - CVE-2009-0146
  - CVE-2009-0147
  - CVE-2009-0166
  - CVE-2009-0799
  - CVE-2009-0800
  - CVE-2009-1179
  - CVE-2009-1180
  - CVE-2009-1181
  - CVE-2009-1182
  - CVE-2009-1183
  - CVE-2009-1187
  - CVE-2009-1188

60. By Sebastien Bacher

* New version sync on debian
* debian/control, debian/rules:
  - don't use openjpeg it's in universe

59. By Steve Langasek

Disable openjpeg on all archs for Ubuntu, this lib is in universe
and isn't needed.

58. By Josselin Mouette <email address hidden>

Don’t require openjpeg on alpha, since it doesn’t build there.

57. By Sebastien Bacher

New upstream version

56. By Sebastien Bacher

* New upstream version
* debian/patches/60_manpages-cfg-flag.patch:
  - the change is in the new version
* debian/patches/61_manpages-hyphens.patch:
  - the change is in the new version
* debian/patches/62_pdftops-mandatory-arg.patch:
  - the change is in the new version
* debian/patches/63_do-not-make-ps-arrays-bigger-than-64k-from-big-images-in-patterns.patch:
  - the change is in the new version
* Updated for the libpoppler and libpoppler-glib soname changes

55. By Till Kamppeter

debian/patches/63_do-not-make-ps-arrays-bigger-than-64k-from-big-images-in-patterns.patch:
pdftops produced wrong PostScript when a large image is in a pattern in
the input file (LP: #311982, Upstream bugs #18908 and #19368).

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/lucid/poppler