*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
There are these bugs in libpoppler-glib8: https://gitlab.freedesktop.org/poppler/poppler/issues/845 https://gitlab.freedesktop.org/poppler/poppler/issues/846 The first is about sharing cairo_font_face_t instances in multiple threads which is not thread-safe. The second is about accessing global linked list struct without proper synchronisation mechanism. Due to these two bugs poppler+cairo cannot be used for rendering multiple documents in multiple threads. The second may be potentially security vulnerability for applications that use poppler+cairo in multiple threads due to writes to potentially uninitialised pointer. I noticed that poppler source package contains a lot of patches from ubuntu updates. Would be possible to add patch to this problem to ubuntu (and also debian) updates? ** Affects: poppler (Ubuntu) Importance: Undecided Status: New -- Thread-safety bugs in package libpoppler-glib8 https://bugs.launchpad.net/bugs/1857902 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
