Hi,

At least three of these issues appear to be vulnerabilities (probably more), 
any chance of getting CVEs assigned to them?  Apache is a CNA now so I'd think 
it wouldn't be too much trouble.

The issues I see as being vulnerabilities are PDFBOX-3919, PDFBOX-3949 and 
PDFBOX-3976.


Thanks,

David


On 2017-11-03 02:19, Andreas Lehmkuehler <[email protected]> wrote: 
> The Apache PDFBox community is pleased to announce the release of
> Apache PDFBox version 2.0.8. The release is available for download at:
> 
> http://pdfbox.apache.org/download.cgi
> 
> See the full release notes below for details about this release.
> 
> Release Notes -- Apache PDFBox -- Version 2.0.8
> 
> Introduction
> ------------
> 
> The Apache PDFBox library is an open source Java tool for working with PDF documents.
> 
> This is an incremental bugfix release based on the earlier 2.0.7 release. It contains
> a couple of fixes and small improvements.
> 
> For more details on these changes and all the other fixes and improvements
> included in this release, please refer to the following issues on the
> PDFBox issue tracker at https://issues.apache.org/jira/browse/PDFBOX.
> 
> Bug
> 
> [PDFBOX-3424] - Regression from 1.8.10: IOException: XREF for 171:0 points to wrong object: 173:0
> [PDFBOX-3639] - FDF does not parse: Missing root object specification in trailer.
> [PDFBOX-3874] - /Fontinfo instead of /FontInfo in type 1 font
> [PDFBOX-3881] - Handling of Byte Order Mark with Metadata-Fields
> [PDFBOX-3884] - GlyphList registers "wrong" Adobe name for "U+02DC SMALL TILDE"
> [PDFBOX-3887] - Getting a "DataFormatException: invalid distance too far back" exception for the attached file
> [PDFBOX-3894] - NPE on org.apache.pdfbox.pdmodel.PDPageTree.isPageTreeNode
> [PDFBOX-3896] - UnsupportedOperationException
> [PDFBOX-3898] - AcroFields' PDTextField (and others?) can have kids
> [PDFBOX-3909] - End of inline image not detected
> [PDFBOX-3913] - Japanese URI improperly decoded
> [PDFBOX-3914] - LayerUtility ignores OCProperties on import
> [PDFBOX-3916] - NPE on org.apache.pdfbox.pdmodel.font.PDType0Font.readEncoding
> [PDFBOX-3919] - Infinite loop while parsing (2)
> [PDFBOX-3923] - Expected a long type at offset 52152, instead got 'xref'
> [PDFBOX-3925] - QUADDING constants no longer public
> [PDFBOX-3928] - IllegalArgumentException: root cannot be null with truncated file
> [PDFBOX-3929] - Border style dictionary width ignored by Adobe Reader when float
> [PDFBOX-3930] - replace deprecated TBSCertificateStructure
> [PDFBOX-3932] - Image with predictor 15 not rendered correctly
> [PDFBOX-3934] - Page missing
> [PDFBOX-3935] - DataFormatException: invalid stored block lengths
> [PDFBOX-3936] - IllegalArgumentException: root cannot be null with truncated file (2)
> [PDFBOX-3937] - NPE in PDCIDFontType2 constructor
> [PDFBOX-3940] - Lost metadata in 2.0.8-SNAPSHOT
> [PDFBOX-3942] - ClassCastException in getOptionalContentGroups
> [PDFBOX-3943] - /Helv entry in /DR not created if /DR exists
> [PDFBOX-3946] - NPE in PDActionURI.getURI() if URI doesn't exist
> [PDFBOX-3947] - ArrayIndexOutOfBoundsException in bfSearchForObjStreams
> [PDFBOX-3948] - NumberFormatException in bfSearchForObjStreams
> [PDFBOX-3949] - NPE in bfSearchForObjStreams
> [PDFBOX-3950] - NPE in PageIterator.enqueueKids
> [PDFBOX-3955] - new -- very slow processing on truncated PDF
> [PDFBOX-3957] - Pages lost
> [PDFBOX-3958] - UTF-16 (BE) URI improperly decoded
> [PDFBOX-3959] - DataFormatException: invalid code lengths set with truncated file
> [PDFBOX-3963] - ClassCastException in PDCIDFont.readVerticalDisplacements()
> [PDFBOX-3965] - Truetype Font glyphs not rendered
> [PDFBOX-3967] - IllegalArgumentException: Illegal Capacity: -1
> [PDFBOX-3969] - Splitting starts counting for cutting out pages wrongly
> [PDFBOX-3972] - Incorrect page after merge for OpenAction with GoTo page destination
> [PDFBOX-3976] - NPE in bfSearchForTrailer
> [PDFBOX-3977] - /Info dictionary no longer available
> [PDFBOX-3978] - IllegalStateException on saveIncrementalForExternalSigning
> [PDFBOX-3979] - NullPointerException on Type1Parser.readCharStrings(Type1Parser.java:713)
> 
> Improvement
> 
> [PDFBOX-3878] - Improve and refactor RemoveAllText example
> [PDFBOX-3890] - The operator Tz is not available when creating new PDF using PDPageContentStream
> [PDFBOX-3897] - Avoid sRGB self-conversions
> [PDFBOX-3900] - Optimize PDSeparation for shadings
> [PDFBOX-3911] - Handle new line characters in single line text fields
> [PDFBOX-3920] - CIDSet should be PDF/A-2b compatible
> [PDFBOX-3927] - Support optional content in annotations
> [PDFBOX-3944] - ERROR "Can't read embedded ICC profile" is too scary
> [PDFBOX-3971] - Add Certificate Dictionary to seed value in signature field
> [PDFBOX-3982] - [Patch/RFC] Set maximum compression level on FlateFilter
> [PDFBOX-3983] - [Patch] Don't a allow a miter limit <= 0
> 
> Task
> 
> [PDFBOX-3584] - Build and test PDFBox with JDK9
> [PDFBOX-3873] - Fix text comparison in PDFontTest
> [PDFBOX-3938] - Add test from PDFBOX-2079 to 2.0 and trunk
> [PDFBOX-3974] - Add more parsing regression tests
> 
> Release Contents
> ----------------
> 
> This release consists of a single source archive packaged as a zip file.
> The archive can be unpacked with the jar tool from your JDK installation.
> See the README.txt file for instructions on how to build this release.
> 
> The source archive is accompanied by SHA1 and MD5 checksums and a PGP
> signature that you can use to verify the authenticity of your download.
> The public key used for the PGP signature can be found at
> https://svn.apache.org/repos/asf/pdfbox/KEYS.
> 
> About Apache PDFBox
> -------------------
> 
> Apache PDFBox is an open source Java library for working with PDF documents.
> This project allows creation of new PDF documents, manipulation of existing
> documents and the ability to extract content from documents. Apache PDFBox
> also includes several command line utilities. Apache PDFBox is published
> under the Apache License, Version 2.0.
> 
> For more information, visit http://pdfbox.apache.org/
> 
> About The Apache Software Foundation
> ------------------------------------
> 
> Established in 1999, The Apache Software Foundation provides organizational,
> legal, and financial support for more than 100 freely-available,
> collaboratively-developed Open Source projects. The pragmatic Apache License
> enables individual and commercial users to easily deploy Apache software;
> the Foundation's intellectual property framework limits the legal exposure
> of its 2,500+ contributors.
> 
> For more information, visit http://www.apache.org/
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
> 
> 
