Your message dated Wed, 16 Aug 2023 19:37:45 +0000
with message-id <[email protected]>
and subject line Bug#1042811: fixed in poppler 23.08.0-2
has caused the Debian Bug report #1042811,
regarding poppler: CVE-2023-34872: crash in pdftohtml
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1042811: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042811
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: poppler
Version: 22.12.0-2
Severity: important
Tags: security upstream
Forwarded: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for poppler.
CVE-2023-34872[0]:
| A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a
| remote attacker to cause a Denial of Service (DoS) (crash) via a
| crafted PDF file in OutlineItem::open.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-34872
https://www.cve.org/CVERecord?id=CVE-2023-34872
[1] https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399
[2] https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.4.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: poppler
Source-Version: 23.08.0-2
Done: Amin Bandali <[email protected]>
We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Amin Bandali <[email protected]> (supplier of updated poppler package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 16 Aug 2023 10:20:27 -0400
Source: poppler
Built-For-Profiles: noudeb
Architecture: source
Version: 23.08.0-2
Distribution: experimental
Urgency: medium
Maintainer: Debian freedesktop.org maintainers <[email protected]>
Changed-By: Amin Bandali <[email protected]>
Closes: 1042811
Changes:
poppler (23.08.0-2) experimental; urgency=medium
.
* Team upload
.
[ Jeremy Bicha ]
* Explicitly disable gpg support for now
.
[ Amin Bandali ]
* 23.08.0 upstream release addresses CVE-2023-34872 (Closes: #1042811)
* debian/rules: Opt into LTO (to minimize symbols diff with Ubuntu)
* Drop most optional symbols from libpoppler-qt5-1 and libpoppler-qt6-3
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---