xpdf (3.02-1.4ubuntu2.9.10.1) karmic-security; urgency=low

  [ Nicolas Valcárcel Scerpella ]
  * SECURITY UPDATE: Integer overflow in SplashBitmap::SplashBitmap which might
    allow remote attackers to execute arbitrary code or an application crash
    via a crafted PDF document.
    - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported
      from debian
    - CVE-2009-1188 and CVE-2009-3603
  * SECURITY UPDATE: NULL pointer dereference or heap-based buffer overflow in
    Splash::drawImage which might allow remote attackers to cause a denial of
    service (application crash) or possibly execute arbitrary code via a
    crafted PDF document.
    - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported
      from debian
    - CVE-2009-3604
  * SECURITY UPDATE: Integer overflow in the PSOutputDev::doImageL1Sep which
    might allow remote attackers to execute arbitrary code via a crafted PDF
    document.
    - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported
      from debian
    - CVE-2009-3606
  * SECURITY UPDATE: Integer overflow in the ObjectStream::ObjectStream which
    might allow remote attackers to execute arbitrary code via a crafted PDF
    document.
    - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported
      from debian
    - CVE-2009-3608
  * SECURITY UPDATE: Integer overflow in the ImageStream::ImageStream which
    might allow remote attackers to cause a denial of service via a crafted
    PDF document.
    - fix-CVE-2009-1188,3603,2009,3604,3606,3608,3609.dpatch: Patch backported
      from debian
    - CVE-2009-3609
  * SECURITY UPDATE: Multiple buffer overflows in the JBIG2 decoder in Xpdf
    3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
    remote attackers to cause a denial of service (crash) via a crafted PDF
    file, related to (1) JBIG2SymbolDict::setBitmap and (2)
    JBIG2Stream::readSymbolDictSeg.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch
      backported from debian
    - CVE-2009-0146
  * SECURITY UPDATE: Multiple integer overflows in the JBIG2 decoder in Xpdf
    3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow
    remote attackers to cause a denial of service (crash) via a crafted PDF
    file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
    JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch
      backported from debian
    - CVE-2009-0147
  * SECURITY UPDATE: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
    earlier, as used in Poppler and other products, when running on Mac OS X,
    has unspecified impact, related to "g*allocn."
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch
      backported from debian
    - CVE-2009-0165
  * SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, and other products allows remote attackers to cause a denial
    of service (crash) via a crafted PDF file that triggers a free of
    uninitialized memory.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch
      backported from debian
    - CVE-2009-0166
  * SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to cause a denial of service (crash) via a crafted PDF file
    that triggers an out-of-bounds read.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch
      backported from debian
    - CVE-2009-0799
  * SECURITY UPDATE: Multiple "input validation flaws" in the JBIG2 decoder in
    Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,
    and other products allow remote attackers to execute arbitrary code via
    a crafted PDF file.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch
      backported from debian
    - CVE-2009-0800
  * SECURITY UPDATE: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
    earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
    allows remote attackers to execute arbitrary code via a crafted PDF file.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch
      backported from debian
    - CVE-2009-1179
  * SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to execute arbitrary code via a crafted PDF file that triggers
    a free of invalid data.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch
      backported from debian
    - CVE-2009-1180
  * SECURITY UPDATE: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
    and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to cause a denial of service (crash) via a crafted PDF file that
    triggers a NULL pointer dereference.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch
      backported from debian
    - CVE-2009-1181
  * SECURITY UPDATE: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf
    3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
    other products allow remote attackers to execute arbitrary code via a
    crafted PDF file.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch
      backported from debian
    - CVE-2009-1182
  * SECURITY UPDATE: The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS
    1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote
    attackers to cause a denial of service (infinite loop and hang) via a
    crafted PDF file.
    - fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.dpatch: Patch
      backported from debian
    - CVE-2009-1183

  [ Jamie Strandboge ]
  * debian/patches/00list: don't apply 41_lesstif_cpp.dpatch, no longer needed
    on Karmic

Date: Mon, 04 Oct 2010 15:07:39 -0500
Changed-By: Jamie Strandboge <[email protected]>
Maintainer: Ubuntu MOTU Developers <[email protected]>
https://launchpad.net/ubuntu/karmic/+source/xpdf/3.02-1.4ubuntu2.9.10.1
Format: 1.8
Date: Mon, 04 Oct 2010 15:07:39 -0500
Source: xpdf
Binary: xpdf xpdf-common xpdf-reader xpdf-utils
Architecture: source
Version: 3.02-1.4ubuntu2.9.10.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <[email protected]>
Changed-By: Jamie Strandboge <[email protected]>
Description: 
 xpdf       - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Original-Maintainer: Hamish Moffatt <[email protected]>
-- 
Karmic-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/karmic-changes
