Your message dated Mon, 02 May 2016 22:32:50 +0000
with message-id <[email protected]>
and subject line Bug#822578: fixed in poppler 0.26.5-2+deb8u1
has caused the Debian Bug report #822578,
regarding poppler: CVE-2015-8868: heap buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
822578: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822578
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: poppler
Version: 0.38.0-2
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for poppler.
CVE-2015-8868[0]:
heap overflow
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8868
[1]
https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433
[2] https://bugs.freedesktop.org/show_bug.cgi?id=93476
Please adjust the affected versions in the BTS as needed. Only source
for poppler in unstable has been checked by now.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: poppler
Source-Version: 0.26.5-2+deb8u1
We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pino Toscano <[email protected]> (supplier of updated poppler package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 25 Apr 2016 19:02:11 +0200
Source: poppler
Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8
libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4
libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0
libpoppler-cpp-dev poppler-utils poppler-dbg
Architecture: source amd64 all
Version: 0.26.5-2+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Loic Minier <[email protected]>
Changed-By: Pino Toscano <[email protected]>
Description:
gir1.2-poppler-0.18 - GObject introspection data for poppler-glib
libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface)
libpoppler-cpp0 - PDF rendering library (CPP shared library)
libpoppler-dev - PDF rendering library -- development files
libpoppler-glib-dev - PDF rendering library -- development files (GLib
interface)
libpoppler-glib-doc - PDF rendering library -- documentation for the GLib
interface
libpoppler-glib8 - PDF rendering library (GLib-based shared library)
libpoppler-private-dev - PDF rendering library -- private development files
libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library)
libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4
interface)
libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library)
libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5
interface)
libpoppler46 - PDF rendering library
poppler-dbg - PDF rendering library -- debugging symbols
poppler-utils - PDF utilities (based on Poppler)
Closes: 822578
Changes:
poppler (0.26.5-2+deb8u1) jessie-security; urgency=medium
.
* Backport upstream commit b3425dd3261679958cd56c0f71995c15d2124433 to fix
a crash on invalid files, reported also as CVE-2015-8868; patch
upstream_Do-not-crash-on-invalid-files.patch. (Closes: #822578)
Checksums-Sha1:
1f09d682b1d5986379d7f7c3c032d8b754d9c71d 3288 poppler_0.26.5-2+deb8u1.dsc
12937666faee80bae397a8338a3357e864d77d53 1595232 poppler_0.26.5.orig.tar.xz
2aab1da9b0cdbf72571569cb60c62520240ba788 30420
poppler_0.26.5-2+deb8u1.debian.tar.xz
c01edb5bd7cb586c1e64525238374dd16160fd0c 1210822
libpoppler46_0.26.5-2+deb8u1_amd64.deb
8e84ead80a118efb71c928644c85564c804a72a0 764354
libpoppler-dev_0.26.5-2+deb8u1_amd64.deb
66d50a905f105105cff8b70c0499869d0a9e39bb 179206
libpoppler-private-dev_0.26.5-2+deb8u1_amd64.deb
b4e64f294dd999a92d185f02aa726fce0a6993b3 120698
libpoppler-glib8_0.26.5-2+deb8u1_amd64.deb
99d9813adfc3ea262509ce552ebdcaa551c3b840 162244
libpoppler-glib-dev_0.26.5-2+deb8u1_amd64.deb
9fe72ba4f5a7e9c0fff771681f78cfac71d94fe3 84228
libpoppler-glib-doc_0.26.5-2+deb8u1_all.deb
1cc5b914e040a0eee1b60a3438e13147e0b8a447 33016
gir1.2-poppler-0.18_0.26.5-2+deb8u1_amd64.deb
d64d3c909b4fdc8e49a92f66a29d84b6c9b0843f 126524
libpoppler-qt4-4_0.26.5-2+deb8u1_amd64.deb
b756ab73fabd5963a70a119acaca05e02ae045e0 157808
libpoppler-qt4-dev_0.26.5-2+deb8u1_amd64.deb
6f131cbf90fb3bfe934b0a26b1bb1288d9eadacc 130908
libpoppler-qt5-1_0.26.5-2+deb8u1_amd64.deb
d0fdd79e2f622366f3cd044f90e6a6717db8e469 164722
libpoppler-qt5-dev_0.26.5-2+deb8u1_amd64.deb
5510f41782658ee9a0dd8de204118eff90088a52 43468
libpoppler-cpp0_0.26.5-2+deb8u1_amd64.deb
3e8122119941ab755ede42ba5f5abe81f12b96f2 48096
libpoppler-cpp-dev_0.26.5-2+deb8u1_amd64.deb
a36d30549322f2045ce0c7c615e9821111bb2e1e 139664
poppler-utils_0.26.5-2+deb8u1_amd64.deb
865c45c01989c6c5e504c5698f5370be2143f9a5 7681538
poppler-dbg_0.26.5-2+deb8u1_amd64.deb
Checksums-Sha256:
dd4359d36abd76d8fc21548bf6c27b1e1db629272cfee56a9ba7b43fb5c96834 3288
poppler_0.26.5-2+deb8u1.dsc
de7de5fa337431e5d1f372e8577b3707322f1dbc1dc28a70f2927476f134d1ee 1595232
poppler_0.26.5.orig.tar.xz
42d0d603a97b6b8f17b8cf4094bdf31c1357e42be13fd32989128bde5eca24f2 30420
poppler_0.26.5-2+deb8u1.debian.tar.xz
86b03c6b8376fecb75a3e0074ad594c3b139d6a6ebe8209366e8c0fe881404e8 1210822
libpoppler46_0.26.5-2+deb8u1_amd64.deb
34ea85d6ce307439f37c79510cffe45b2ed94f2c6e01dae59630db1b1098a90b 764354
libpoppler-dev_0.26.5-2+deb8u1_amd64.deb
167f51c3b84f7b6b2c95d7ce7ac090c959e602ef9ad98afaa71099223284243a 179206
libpoppler-private-dev_0.26.5-2+deb8u1_amd64.deb
f620f976e9863c8c8d827304c9d17731c1e1e486ffb07ffbee9b594aa07c6196 120698
libpoppler-glib8_0.26.5-2+deb8u1_amd64.deb
0c22e96ba4036b5ee0447d32d98c2596e80a170bcd485bacdb766c4ecdb3b3d9 162244
libpoppler-glib-dev_0.26.5-2+deb8u1_amd64.deb
221d8677b1568ea06b2bac4ba98a3269468d880d158b33a89df754d4de63f7d6 84228
libpoppler-glib-doc_0.26.5-2+deb8u1_all.deb
82e3161d8943ae8d39875240ccc965f60d553ebf08fc1e0778421d8d06e4a9bd 33016
gir1.2-poppler-0.18_0.26.5-2+deb8u1_amd64.deb
783e33fd49c9fa75e0c7e9696e2e34d8f7985dcf95d2bab9fd80d1fce8d02f6b 126524
libpoppler-qt4-4_0.26.5-2+deb8u1_amd64.deb
f4350ab8561575d19b36ed4e739969df824ba0b0738c56784d17afec43bd225c 157808
libpoppler-qt4-dev_0.26.5-2+deb8u1_amd64.deb
6cdb816b19bc0c6717e934879897d4ca23c9a4fdf4e45cc28147fa5329665d26 130908
libpoppler-qt5-1_0.26.5-2+deb8u1_amd64.deb
0637b77e0f3e702568c2fa682add1e164e3e5e0ff265c37fbe3f4839623fc637 164722
libpoppler-qt5-dev_0.26.5-2+deb8u1_amd64.deb
18585bd2b5c4c2c2cd2ba6895423e7b41525534bbe35bbd251087404dbdadec8 43468
libpoppler-cpp0_0.26.5-2+deb8u1_amd64.deb
f178465d082e78793bee195d7d8f11078a314ba9592c7186257f61e956b14705 48096
libpoppler-cpp-dev_0.26.5-2+deb8u1_amd64.deb
08727e1d1bab55b44cd312e2ed9548215e977fe7798424180435155d1217d891 139664
poppler-utils_0.26.5-2+deb8u1_amd64.deb
ed3510c098255be69916351789122f580cd02ea30ecc582c682459e4e7bbe653 7681538
poppler-dbg_0.26.5-2+deb8u1_amd64.deb
Files:
7a841e3ea6083843a23e3b253afa4ed9 3288 devel optional
poppler_0.26.5-2+deb8u1.dsc
786c943eee550e3a977c181e7778b1c8 1595232 devel optional
poppler_0.26.5.orig.tar.xz
f32446a9c699275428ce956e56060caa 30420 devel optional
poppler_0.26.5-2+deb8u1.debian.tar.xz
5afc5bc545622d8936dbeb268948f766 1210822 libs optional
libpoppler46_0.26.5-2+deb8u1_amd64.deb
5b553c55faf44fd585fbf022b59df040 764354 libdevel optional
libpoppler-dev_0.26.5-2+deb8u1_amd64.deb
d2673f6676a4e39e922364ba9f4fba08 179206 libdevel optional
libpoppler-private-dev_0.26.5-2+deb8u1_amd64.deb
1a159f662172437944cf970ec969e997 120698 libs optional
libpoppler-glib8_0.26.5-2+deb8u1_amd64.deb
055dfad4d39e64910faf9ce0a15aee29 162244 libdevel optional
libpoppler-glib-dev_0.26.5-2+deb8u1_amd64.deb
a451a0a492cdf822690b3cfce086f50a 84228 doc optional
libpoppler-glib-doc_0.26.5-2+deb8u1_all.deb
0bc95f4a967ffee3d06accbe0bf0e25c 33016 introspection optional
gir1.2-poppler-0.18_0.26.5-2+deb8u1_amd64.deb
e5db409c139a3702811c833a3871a8d3 126524 libs optional
libpoppler-qt4-4_0.26.5-2+deb8u1_amd64.deb
1ea4ca224681cbcff1e200b99939995b 157808 libdevel optional
libpoppler-qt4-dev_0.26.5-2+deb8u1_amd64.deb
af4666c0acf1eae933efcf998b740840 130908 libs optional
libpoppler-qt5-1_0.26.5-2+deb8u1_amd64.deb
07c2b6ebd127a0e9e3187d00cb469f05 164722 libdevel optional
libpoppler-qt5-dev_0.26.5-2+deb8u1_amd64.deb
a29dcc7062e41a45e1781a135835c408 43468 libs optional
libpoppler-cpp0_0.26.5-2+deb8u1_amd64.deb
02c4b18bc1e2c989b964642756d0957e 48096 libdevel optional
libpoppler-cpp-dev_0.26.5-2+deb8u1_amd64.deb
a3c24882caa10b101a579271c7441bd3 139664 utils optional
poppler-utils_0.26.5-2+deb8u1_amd64.deb
190f10b2539b2ef31908fc75884e6bbd 7681538 debug extra
poppler-dbg_0.26.5-2+deb8u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXI0eYAAoJEBDCk7bDfE42q4cQAKIEEMs+yXnCl7oFbZlurLwJ
Z6NrBgBsu79sg1LTp7F80Hu40u17+mHqjNEd0ZpN/wJPvviUXyZU5qL+uN86liqD
De7VhuWWKSQOVhcK8S3LfHHdNxHu3Lpz48SPCsoUj+DKXwXPkCexpimd9YmqJgEI
wqpcULX+5bAEW2hbNY9OY5txHEos/bc4TXC/IhourGlYMmjN5yD3HqE1NNQL5BgH
87VnnD1i0zvRpWLyvECkpJAn+IyQeYhfPOiRDsinY83vgawRWNhf/bYB9A3CVqfL
jl6t4OJtIHJobXJUytJwb+FK++PEaiVI80SX967sL1F7WKCCOr52sMGuL6sFCnxB
fS6hmvQlyuYfphBsU9vzCdO5ovNw1MDazU72LvbKDn/S3fZwmX4ufaJSRqlyTB8c
DJSIBFLz0ox+YmE2k/L+q/iW8zXKnIEqNrVMtmQ8WHbjsgUq4j9AlMMqAeCtKiMR
u9AQcXmjomZ6MxaG4efuDVLpLBQH14Dpw/gcPMkHXtG+Rh2nqjWFQwxaAkPS2oM6
aqnL3hY5H4QfeZI3sbomAyTZGfNrYtN5Z8ZXyFwhMN19x28qqkGimDSnQ325BJu2
RRNhOfvCn1Ge5G68Q8cY5BSRBKH2FgBGDjjfN4Z2HE1T0pROOsk2M2uyIhqirgcr
jzrcRUZ6+v5hpShUId6A
=fY0K
-----END PGP SIGNATURE-----
--- End Message ---
