Your message dated Wed, 27 Aug 2025 21:09:44 +0000
with message-id <[email protected]>
and subject line Bug#1110463: fixed in poppler 25.03.0-6
has caused the Debian Bug report #1110463,
regarding poppler: CVE-2025-50420
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1110463: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110463
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: poppler
Version: 25.03.0-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for poppler.
CVE-2025-50420[0]:
| An issue in the pdfseparate utility of freedesktop poppler v25.04.0
| allows attackers to cause an infinite recursion via supplying a
| crafted PDF file. This can lead to a Denial of Service (DoS).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-50420
https://www.cve.org/CVERecord?id=CVE-2025-50420
[1] https://gitlab.freedesktop.org/poppler/poppler/-/issues/1613
[2] https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1849
[3]
https://gitlab.freedesktop.org/poppler/poppler/-/commit/08d7894e4dd0e313c179e30f06ad8f546619b1b3
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: poppler
Source-Version: 25.03.0-6
Done: Jeremy Bícha <[email protected]>
We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jeremy Bícha <[email protected]> (supplier of updated poppler package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 27 Aug 2025 16:03:54 -0400
Source: poppler
Built-For-Profiles: noudeb
Architecture: source
Version: 25.03.0-6
Distribution: unstable
Urgency: high
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Jeremy Bícha <[email protected]>
Closes: 1110463
Changes:
poppler (25.03.0-6) unstable; urgency=high
.
[ Leonidas Da Silva Barbosa ]
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2025-50420.patch: don't continue
recursing in PDFDoc in poppler/PDFDoc.cc.
- CVE-2025-50420 (Closes: #1110463)
Checksums-Sha1:
aa139a40c2f23960ff846f5d254f2f7722af9dc4 4013 poppler_25.03.0-6.dsc
f4c5119c58dc80524927542a2018cbd80be45ec3 42584 poppler_25.03.0-6.debian.tar.xz
196b367c52360bdbb633dcdd4b4068e60aca6ff1 16806
poppler_25.03.0-6_source.buildinfo
Checksums-Sha256:
d5d78517056b8a81eee87a79cf19e96f91c314d332511c5c3864a08edc67024b 4013
poppler_25.03.0-6.dsc
58642e5ba5e6ea77416d359ad825b0d268216c393dd3bf7a99d8f57a00f0eef7 42584
poppler_25.03.0-6.debian.tar.xz
052a7edb8d0739f3a7b355e68588a2d5aea198a4bea7d9fb014927f1a601f5a0 16806
poppler_25.03.0-6_source.buildinfo
Files:
8cd449836c4aa107650ebcf10b4545e8 4013 devel optional poppler_25.03.0-6.dsc
0bd9c08605f5924fa685f05a5697a304 42584 devel optional
poppler_25.03.0-6.debian.tar.xz
9adff4f7543534bbd5177c9b6ffcbc7b 16806 devel optional
poppler_25.03.0-6_source.buildinfo
Original-Maintainer: Debian freedesktop.org maintainers
<[email protected]>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmivZRsACgkQ5mx3Wuv+
bH3OORAAhYaBitq2c4o3n0loBYGEVbv4FDkVOk4B9cTv3WLxNaIsQKvRK0G2IoE1
NxQCp9oAlifbO6Xiu617N8LwQtOJf2W8ivy4C2/i2JxkiePuI+WhtuvZOPgSie6+
AOKRwIMw02M3ilNEocMECtF2N4WRjkpPnpMqgJwuw4BsNvWKS+cOKJO+kPrK3sTG
3t4IAKh3ckOcvd3FgFta8pFHdd0jPXc+2IB6SuGbZ8eIYfyCz65hZ2VaUchwjfGC
wjzzrFBi9GBIKlF2U3JaVraqclEOhkTRQ+cy0nIhHyiOLNiNTwqTEG7gT2WaW5ON
amImIIhmSGMX3UZqoR61AdH8kY5d2D5i5CiEfIGSqqLCJNdIYH88FJoIIJDTgNdB
RFc3rc6IHc74FkHokSUSECtV675uav458jORarlTPsf6wkksZxN+59hzXvAtOLbJ
dQWso6AIUBixm9uWeU2hlFTSzOapcOOPzVaoOeRKb5WOZatuJECUNJGEo+weSPi9
CuFjnWGAocoMWwtu31Nrgacup+MMQhUYXjHNNgD87t44XVJjXIOh5aDSWvzBh1xZ
NM3jjdfz6Ee+VlWAotqqWRuxIwhbj62+R2gnTtXRNNph+I848C0KAfOHXOQHjSbo
8TEC+W1/gcBUBbn6hQpTLHyhmL3Q1ZCBwvWo7t6HHsSNC2Ks8vQ=
=W354
-----END PGP SIGNATURE-----
pgp6szp_Ql3o3.pgp
Description: PGP signature
--- End Message ---
