Your message dated Thu, 08 Sep 2022 15:49:04 +0000
with message-id <e1owjm4-009naw...@fasolo.debian.org>
and subject line Bug#1018971: fixed in poppler 22.08.0-2.1
has caused the Debian Bug report #1018971,
regarding poppler: CVE-2022-38784
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1018971: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018971
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: poppler
Version: 22.08.0-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for poppler.

CVE-2022-38784[0]:
| Poppler prior to and including 22.08.0 contains an integer overflow in
| the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc).
| Processing a specially crafted PDF file or JBIG2 image could lead to a
| crash or the execution of arbitrary code. This is similar to the
| vulnerability described by CVE-2022-38171 in Xpdf.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-38784
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38784
[1] https://gitlab.freedesktop.org/poppler/poppler/-/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52
[2] https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: poppler
Source-Version: 22.08.0-2.1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1018...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated poppler package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 Sep 2022 21:30:51 +0200
Source: poppler
Built-For-Profiles: noudeb
Architecture: source
Version: 22.08.0-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian freedesktop.org maintainers <pkg-freedesktop-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1018971
Changes:
 poppler (22.08.0-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * JBIG2Stream: Fix crash on broken file (CVE-2022-38784) (Closes: #1018971)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
