lp:ubuntu/karmic-security/xpdf
- Get this branch:
- bzr branch lp:ubuntu/karmic-security/xpdf
Branch merges
Related source package recipes
Branch information
Recent revisions
- 17. By Brian Thomason
-
* SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
cause a denial of service (crash) via unknown vectors that trigger an
uninitialized pointer dereference.
- cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
- CVE-2010-3702
- LP: #701220
* SECURITY UPDATE: FoFiType1::parse function allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a PDF file with a crafted Type1 font that contains a
negative array index, which bypasses input validation and which triggers
memory corruption.
- cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
- CVE-2010-3704 - 16. By Jamie Strandboge
-
[ Nicolas Valcárcel Scerpella ]
* SECURITY UPDATE: Integer overflow in SplashBitmap::SplashBitmap which might allow remote
attackers to execute arbitrary code or an application crash via a crafted
PDF document.
- fix-CVE-2009-1188, 3603,2009, 3604,3606, 3608,3609. dpatch: Patch backported from debian
- CVE-2009-1188 and CVE-2009-3603
* SECURITY UPDATE: NULL pointer dereference or heap-based buffer overflow in
Splash::drawImage which might allow remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
crafted PDF document.
- fix-CVE-2009-1188, 3603,2009, 3604,3606, 3608,3609. dpatch: Patch backported from debian
- CVE-2009-3604
* SECURITY UPDATE: Integer overflow in the PSOutputDev::doImageL1Sep which might allow
remote attackers to execute arbitrary code via a crafted PDF document.
- fix-CVE-2009-1188, 3603,2009, 3604,3606, 3608,3609. dpatch: Patch backported from debian
- CVE-2009-3606
* SECURITY UPDATE: Integer overflow in the ObjectStream::ObjectStream which might allow
remote attackers to execute arbitrary code via a crafted PDF document.
- fix-CVE-2009-1188, 3603,2009, 3604,3606, 3608,3609. dpatch: Patch backported from debian
- CVE-2009-3608
* SECURITY UPDATE: Integer overflow in the ImageStream::ImageStream which might allow
remote attackers to cause a denial of service via a crafted PDF
document.
- fix-CVE-2009-1188, 3603,2009, 3604,3606, 3608,3609. dpatch: Patch backported from debian
- CVE-2009-3609
* SECURITY UPDATE: Multiple buffer overflows in the JBIG2 decoder in Xpdf
3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
remote attackers to cause a denial of service (crash) via a crafted PDF
file, related to (1) JBIG2SymbolDict::setBitmap and (2)
JBIG2Stream::readSymbolDict Seg.
- fix-CVE-2009-0146, 0147,0165, 0166,0799, 0800,1179- 1183.dpatch: Patch backported from debian
- CVE-2009-0146
* SECURITY UPDATE: Multiple integer overflows in the JBIG2 decoder in Xpdf
3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
remote attackers to cause a denial of service (crash) via a crafted PDF
file, related to (1) JBIG2Stream::readSymbolDict Seg, (2)
JBIG2Stream::readSymbolDict Seg, and (3) JBIG2Stream: :readGenericBit map.
- fix-CVE-2009-0146, 0147,0165, 0166,0799, 0800,1179- 1183.dpatch: Patch backported from debian
- CVE-2009-0147
* SECURITY UPDATE: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, as used in Poppler and other products, when running on Mac OS X,
has unspecified impact, related to "g*allocn."
- fix-CVE-2009-0146, 0147,0165, 0166,0799, 0800,1179- 1183.dpatch: Patch backported from debian
- CVE-2009-0165
* SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, and other products allows remote attackers to cause a denial
of service (crash) via a crafted PDF file that triggers a free of
uninitialized memory.
- fix-CVE-2009-0146, 0147,0165, 0166,0799, 0800,1179- 1183.dpatch: Patch backported from debian
- CVE-2009-0166
* SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
that triggers an out-of-bounds read.
- fix-CVE-2009-0146, 0147,0165, 0166,0799, 0800,1179- 1183.dpatch: Patch backported from debian
- CVE-2009-0799
* SECURITY UPDATE: Multiple "input validation flaws" in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,
and other products allow remote attackers to execute arbitrary code via
a crafted PDF file.
- fix-CVE-2009-0146, 0147,0165, 0166,0799, 0800,1179- 1183.dpatch: Patch backported from debian
- CVE-2009-0800
* SECURITY UPDATE: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
allows remote attackers to execute arbitrary code via a crafted PDF file.
- fix-CVE-2009-0146, 0147,0165, 0166,0799, 0800,1179- 1183.dpatch: Patch backported from debian
- CVE-2009-1179
* SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, Poppler before 0.10.6, and other products allows remote
attackers to execute arbitrary code via a crafted PDF file that triggers
a free of invalid data.
- fix-CVE-2009-0146, 0147,0165, 0166,0799, 0800,1179- 1183.dpatch: Patch backported from debian
- CVE-2009-1180
* SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (crash) via a crafted PDF file that
triggers a NULL pointer dereference.
- fix-CVE-2009-0146, 0147,0165, 0166,0799, 0800,1179- 1183.dpatch: Patch backported from debian
- CVE-2009-1181
* SECURITY UPDATE: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf
3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
other products allow remote attackers to execute arbitrary code via a
crafted PDF file.
- fix-CVE-2009-0146, 0147,0165, 0166,0799, 0800,1179- 1183.dpatch: Patch backported from debian
- CVE-2009-1182
* SECURITY UPDATE: The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS
1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote
attackers to cause a denial of service (infinite loop and hang) via a
crafted PDF file.
- fix-CVE-2009-0146, 0147,0165, 0166,0799, 0800,1179- 1183.dpatch: Patch backported from debian
- CVE-2009-1183[ Jamie Strandboge ]
* debian/patches/ 00list: don't apply 41_lesstif_ cpp.dpatch, no longer needed
on Karmic - 15. By Till Kamppeter
-
debian/
patches/ do-not- make-ps- arrays- bigger- than-64k- from-big- images- in-patterns. dpatch:
pdftops produced wrong PostScript when a large image is in a pattern in
the input file (LP: #311982, Upstream bugs #18908 and #19368). - 14. By Andrea Gasparini
-
* Merge from Debian unstable. Remaining Ubuntu changes: (LP: #276304)
- Patch 09_xpdfrc_manpage. dpatch for xpdfrc.5
- Set maintainer to MOTU
* debian/control: modified build-depends on a obsolete package (x-dev) - 13. By Andrea Gasparini
-
* Merge from Debian unstable. Remaining Ubuntu changes:
- Patch 09_xpdfrc_manpage. dpatch for xpdfrc.5
- Set maintainer to MOTU - 12. By Michael Bienia
-
* Merge from Debian unstable, remaining changes:
- Added back 09_xpdfrc_manpage. dpatch.
- Set Ubuntu maintainer. - 11. By Michael Bienia
-
* Merge from debian unstable, remaining changes:
- Added back 09_xpdfrc_manpage. dpatch.
- Set Ubuntu maintainer. - 10. By Andy Price
-
* Merge from Debian unstable (LP: #113365), remaining changes:
- Added back 09_xpdfrc_manpage. dpatch (LP #71753)
- Set Ubuntu maintainer - 9. By Andy Price
-
* Added 09_xpdfrc_
manpage. dpatch to refer to the correct global
config file in xpdfrc.5 (LP #71753)
* Set Ubuntu maintainer address
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/maverick/xpdf
