Your message dated Sat, 04 Jul 2026 16:17:06 +0000
with message-id <[email protected]>
and subject line Bug#1127146: fixed in poppler 25.03.0-5+deb13u4
has caused the Debian Bug report #1127146,
regarding libpoppler147: Invalid signature time when signing a PDF
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1127146: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127146
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpoppler147
Version: 25.03.0-5+deb13u2
Severity: normal
Dear Maintainer,
due to a small format problem in the "signing time" the generated signed PDF
cannot be verified as a fully correct QESig signature.
Upstream already fixed this with an one line patch:
https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1824
Please consider to integrate patch, maybe even in next minor stable version.
Best regards,
Robert
-- System Information:
Debian Release: 13.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.12.63+deb13-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_USER, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=ro_RO.UTF-8, LC_CTYPE=ro_RO.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libpoppler147 depends on:
ii libc6 2.41-12+deb13u1
ii libcurl3t64-gnutls 8.14.1-2+deb13u2
ii libfontconfig1 2.15.0-2.3
ii libfreetype6 2.13.3+dfsg-1
ii libgpgmepp6t64 1.24.2-3
ii libjpeg62-turbo 1:2.1.5-4
ii liblcms2-2 2.16-2
ii libnspr4 2:4.36-1
ii libnss3 2:3.110-1
ii libopenjp2-7 2.5.3-2.1~deb13u1
ii libpng16-16t64 1.6.48-1+deb13u1
ii libstdc++6 14.2.0-19
ii libtiff6 4.7.0-3+deb13u1
ii zlib1g 1:1.3.dfsg+really1.3.1-1+b1
Versions of packages libpoppler147 recommends:
ii poppler-data 0.4.12-1
Versions of packages libpoppler147 suggests:
ii gpgsm 2.4.7-21+deb13u1+b1
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: poppler
Source-Version: 25.03.0-5+deb13u4
Done: John Scott <[email protected]>
We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
John Scott <[email protected]> (supplier of updated poppler package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 02 Jul 2026 16:52:33 +0000
Source: poppler
Architecture: source
Version: 25.03.0-5+deb13u4
Distribution: trixie
Urgency: medium
Maintainer: Debian freedesktop.org maintainers
<[email protected]>
Changed-By: John Scott <[email protected]>
Closes: 1127146
Changes:
poppler (25.03.0-5+deb13u4) trixie; urgency=medium
.
* Team upload
* Fix creation of ill-formed PDF document signatures (Poppler issue #1596)
- fixes "Invalid signature time when signing a PDF" (Closes: #1127146)
Signatures made with previous versions of Poppler may not be recognized
by other applications as valid.
Checksums-Sha1:
93dfba16e2153d049c68b9b5ac7fcdda22badd22 3966 poppler_25.03.0-5+deb13u4.dsc
ee5041be2a6bd6b6e5627776c7c82b788e238f58 1954516 poppler_25.03.0.orig.tar.xz
4bb39d042134f5ed6c742bbab4d6efcaf6ff923a 44732
poppler_25.03.0-5+deb13u4.debian.tar.xz
e360166df6ad08697416155d240cc09d759ed159 14701
poppler_25.03.0-5+deb13u4_source.buildinfo
Checksums-Sha256:
b895e1e28568a486523f93dd5a8707ecb16767c5f134a6e23510b0597114c628 3966
poppler_25.03.0-5+deb13u4.dsc
97da4ff88517a6bbd729529f195f85c8d7a0c3bb4a3d57cb0c685cbb052fe837 1954516
poppler_25.03.0.orig.tar.xz
2605b5d7e6ce17a307d067048386deedfc41fdac6f75f81ad76050f517fc0de4 44732
poppler_25.03.0-5+deb13u4.debian.tar.xz
058433b020e7e6e7c0c550387105322daad4a9467bdc047bd70b6a2b2e061b6c 14701
poppler_25.03.0-5+deb13u4_source.buildinfo
Files:
78274329c14a0f634c717578b7d2b5c5 3966 devel optional
poppler_25.03.0-5+deb13u4.dsc
21bb345c070ab16d7cd3bafcd513cc02 1954516 devel optional
poppler_25.03.0.orig.tar.xz
75d3ebf4d6475e286968f2804146ba7d 44732 devel optional
poppler_25.03.0-5+deb13u4.debian.tar.xz
7eb96942c919d841578363bf7b1d8689 14701 devel optional
poppler_25.03.0-5+deb13u4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmpGo48ACgkQnUbEiOQ2
gwJJihAAj2Pa/bYpn1clN0dODO31IIYQFkOnlRZD/rVCevxYspMMPAJ+kFDqUcB0
ImbEMYuaF1p1nKIo1ZK1pN6hMHzTR2CG5iI9F9ehalHQraudvdLhxQp17Fict/Y/
wt7qyc9xwknSWKBvq3ZUTVQthLD5/4y2+Zej98J981ggmlnihYfRhlSX8hW3668g
yCnqLzCaPJzkDhda1tYafY04efCSZATqUOmNvw6nj8it2auzYGNhmCak14Y6tm+j
WGKn1H+k65U6XhxgfyJlzdSF8zPneAx6Xa0tgXEhiGBlAq9sJIHfQPP9bBFVmXT7
Wc028DLVU0jomsoUbX7SgBRwh6fdX3r79sBFMG/bchnYnyycpgOaPthmNhnU4zJJ
V/zehlqc41G8lBPOsvQNy4KxwqTPPL4TimYQyBqOHZsAc1FP9dObHR++UfFSDSWn
qwBtcYyKsHv7wpN2XaukCnYfwmymUjw1Pro4gzjXEgRlTHSJ6fqW/3PCu820G82N
8pkg/4jE2qHv4HgN8XecwGtT3nbTO4S3lM2Uiqfw4W/LUMeRDmawSv/u0vUzIkvO
gQPr+WKFMZpXuaRnqA2oDVYxpnVk1Dg3ZyXrKtlVzUGlXFRKomr6yzexQYTYvBw6
HFs0hjBDnGyaLB7CxM7p5uoRKMXtYraMm8PnC914PxQvHnHiovY=
=bzl7
-----END PGP SIGNATURE-----
pgpG0tl1_8cAx.pgp
Description: PGP signature
--- End Message ---