Your message dated Mon, 25 Apr 2016 16:32:25 +0000
with message-id <[email protected]>
and subject line Bug#822578: fixed in poppler 0.38.0-3
has caused the Debian Bug report #822578,
regarding poppler: CVE-2015-8868: heap buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
822578: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822578
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: poppler
Version: 0.38.0-2
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for poppler.
CVE-2015-8868[0]:
heap overflow
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8868
[1]
https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433
[2] https://bugs.freedesktop.org/show_bug.cgi?id=93476
Please adjust the affected versions in the BTS as needed. Only source
for poppler in unstable has been checked by now.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: poppler
Source-Version: 0.38.0-3
We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pino Toscano <[email protected]> (supplier of updated poppler package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 25 Apr 2016 16:51:07 +0200
Source: poppler
Binary: libpoppler57 libpoppler-dev libpoppler-private-dev libpoppler-glib8
libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4
libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0v5
libpoppler-cpp-dev poppler-utils poppler-dbg
Architecture: source
Version: 0.38.0-3
Distribution: unstable
Urgency: medium
Maintainer: Loic Minier <[email protected]>
Changed-By: Pino Toscano <[email protected]>
Description:
gir1.2-poppler-0.18 - GObject introspection data for poppler-glib
libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface)
libpoppler-cpp0v5 - PDF rendering library (CPP shared library)
libpoppler-dev - PDF rendering library -- development files
libpoppler-glib-dev - PDF rendering library -- development files (GLib
interface)
libpoppler-glib-doc - PDF rendering library -- documentation for the GLib
interface
libpoppler-glib8 - PDF rendering library (GLib-based shared library)
libpoppler-private-dev - PDF rendering library -- private development files
libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library)
libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4
interface)
libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library)
libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5
interface)
libpoppler57 - PDF rendering library
poppler-dbg - PDF rendering library -- debugging symbols
poppler-utils - PDF utilities (based on Poppler)
Closes: 822578
Changes:
poppler (0.38.0-3) unstable; urgency=medium
.
* Backport upstream commit b3425dd3261679958cd56c0f71995c15d2124433 to fix
a crash on invalid files, reported also as CVE-2015-8868; patch
upstream_Do-not-crash-on-invalid-files.patch. (Closes: #822578)
* Update Vcs-* fields.
* Bump Standards-Version to 3.9.8, no changes required.
Checksums-Sha1:
3f09f64ac3c83b820ac750490c0afe8052e228bc 3268 poppler_0.38.0-3.dsc
7539e98e216f2e1379ba452ef053effc56b54b5b 30180 poppler_0.38.0-3.debian.tar.xz
Checksums-Sha256:
ba0347c59eb51c3c850e5828d2295ac7ffcc65e737ead405f06f128ce8ce0473 3268
poppler_0.38.0-3.dsc
50ca62202170f746a00ecd9489a2ac8771261d5367aa1c7317dc59af97d6cf85 30180
poppler_0.38.0-3.debian.tar.xz
Files:
a50fd7e7001498e88e9746abe5fe8e1a 3268 devel optional poppler_0.38.0-3.dsc
864909d398c7035db1c47be8b3d1cbb2 30180 devel optional
poppler_0.38.0-3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBVx4whC0ZHIhDsT9NAQIZORAAh9sY0pNsNSsHrVrj1h68hmm4LZ9C5fiL
Wq1EeJMoaHjxW/+r6chBaESF8mQ3e+ToVm4OgES/TwX4qVmlBZkGkhIjrbdzZXsp
hzZZjZ3U2GTR7H9IuIKIXzMWWWwM8W/hIUAaFxbHcmGzkCgrA8JtduKoOhPoND+G
jNsyOfNj0PULOUh3ZAI4zi5U5MWqz/mygUcxMCgHtN1sTWwRuPbrGMMZsWp4aAfv
3uZV2GNIb70SNyEjop97RFfXfBMrDQy0wKGK71b/cSfmD/IfHoHapkQfPuq9mnOX
0zxEsvdsDE8OQh3hpEGk/UlHBQ1N2NMDQ+8Wsun9pM0HJEoL31wxjquxAsTLsH4r
bWVyxCJoO2Mlwk8v1zvpWQ/y8X2x36ZSqEXWUbJ0qd8OVfVg8UtC58k5wpOMUtQR
2c5oJLFg/mvkwWeU41jO2YkpSLNWD2jM/kvoQqekP6M/K/+HcgVpW21E7fBqtdis
GPqptPr31l0gX9hyFTAQAU63mhjrQkJgmSUDGWy0dZa4UB4YOAaYjhBbFzNNhmop
7tbU4Yn+nQ56SsgIjBWVTOIdp7BYqWjNM48hrIv7N7jLhW0NsGCE8ZcXM5B7ME67
cpKVQvkPowVS/gwDtjooDgfd6hdk0EM7QCMPBSInobcEZTpdxEOQMyw6LsNUv5e/
q0f5MePkDJE=
=cN0C
-----END PGP SIGNATURE-----
--- End Message ---
