2007
poppler (0.4.5-5.1) unstable; urgency=high
* Non-maintainer upload with approval of the maintainer.
* SECURITY UPDATE: Denial of Service.
* New patch, 108_CVE-2007-0104; limits recursion depth of the parsing tree to
100 to avoid infinite loop with crafted documents; CVE-2007-0104; from
Ubuntu's 0.4.2-0ubuntu6.8; originally taken from koffice security update;
closes: #407600.
-- Loic Minier <lool@dooz.org> Sat, 20 Jan 2007 00:12:49 +0100
2006
poppler (0.4.5-5) unstable; urgency=low
* Acknowledge NMU (Closes: #375332)
* Add versioned conflict on pdftohtml (Closes: #393162)
-- Ondřej Surý <ondrej@debian.org> Tue, 24 Oct 2006 10:09:19 +0200
poppler (0.4.5-4.1) unstable; urgency=low
* Non-maintainer upload.
* Backport SplashFTFont.cc from 0.5.2; fixes FTBFS with Freetype 2.2.
(Closes: #373991)
-- Steinar H. Gunderson <sesse@debian.org> Sun, 25 Jun 2006 11:55:39 +0200
poppler (0.4.5-4) unstable; urgency=low
* Fix FTBFS with gcc 4.1 (Closes: #357479)
-- Ondřej Surý <ondrej@debian.org> Fri, 17 Mar 2006 17:13:33 +0100
poppler (0.4.5-3) unstable; urgency=low
* Disable cairo output for unstable, cairo rendering will stay
enabled in cairo version in experimental.
(Closes: #349371, #347652, #348511, #348869, #348980, #347423, #340379, #351070, #353444)
-- Ondřej Surý <ondrej@debian.org> Wed, 22 Feb 2006 09:36:36 +0100
poppler (0.4.5-2) unstable; urgency=high
* Add debian/patches/003-xpdf-3.01pl2.patch
- Security fixes from Derek Noonburg (follows CVE-2006-0301)
-- Ondřej Surý <ondrej@debian.org> Wed, 15 Feb 2006 11:16:40 +0100
poppler (0.4.5-1) unstable; urgency=high
* New upstream security release
- fixes CVE-2006-0301
-- Ondřej Surý <ondrej@debian.org> Sun, 12 Feb 2006 20:34:47 +0100
poppler (0.4.4-2) unstable; urgency=low
* Remove debian/patches/001_relibtoolize.patch
+ Relibtoolizing is needed because of 000_add-poppler-utils.patch
which modifies Makefile.am (Closes: 348714)
-- Ondřej Surý <ondrej@debian.org> Wed, 18 Jan 2006 22:07:55 +0100
poppler (0.4.4-1) unstable; urgency=high
* New upstream security release
- fixes CVE-2005-3624, CVE-2005-3625, CVE-2005-3627
* Remove debian/patches/003-CVE-2005-3624_5_7.patch:
- Merged upstream
* Remove debian/patches/004-fix-CVE-2005-3192.patch:
- Merged upstream
* Remove debian/patches/001-relibtoolize.patch
- Upstream uses recent libtool
-- Ondřej Surý <ondrej@debian.org> Thu, 12 Jan 2006 20:40:27 +0100
poppler (0.4.3-3) unstable; urgency=low
* Fix missing libcairo2-dev dependency (Closes: #346277)
-- Ondřej Surý <ondrej@debian.org> Fri, 6 Jan 2006 21:37:10 +0100
poppler (0.4.3-2) unstable; urgency=high
[ Martin Pitt ]
* SECURITY UPDATE: Multiple integer/buffer overflows.
* Add debian/patches/003-CVE-2005-3624_5_7.patch:
- poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream():
+ Check columns for negative or large values.
+ CVE-2005-3624
- poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch:
+ Reset numComps to 0 since it's a global variable that is used later.
+ CVE-2005-3627
- poppler/Stream.cc, DCTStream::readHuffmanTables():
+ Fix out of bounds array access in Huffman tables.
+ CVE-2005-3627
- poppler/Stream.cc, DCTStream::readMarker():
+ Check for EOF in while loop to prevent endless loops.
+ CVE-2005-3625
- poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(),
JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg():
+ Check user supplied width and height against invalid values.
+ Allocate one extra byte to prevent out of bounds access in combine().
* Add debian/patches/004-fix-CVE-2005-3192.patch:
- Fix nVals int overflow check in StreamPredictor::StreamPredictor().
- Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514.
[ Ondřej Surý ]
* Merge changes from Ubuntu (Closes: #346076).
* Enable Cairo output again.
-- Ondřej Surý <ondrej@debian.org> Thu, 5 Jan 2006 14:54:44 +0100
2005
poppler (0.4.3-1) unstable; urgency=high
* New upstream release.
* New maintainer (Closes: #344738)
* CVE-2005-3191 and CAN-2005-2097 fixes merged upstream.
* Fixed some rendering bugs and disabled Cairo output
(Closes: #314556, #322964, #328211)
* Acknowledge NMU (Closes: #342288)
* Add 001-selection-crash-bug.patch (Closes: #330544)
* Add poppler-utils (merge patch from Ubuntu)
-- Ondřej Surý <ondrej@sury.org> Fri, 30 Dec 2005 11:34:07 +0100
poppler (0.4.2-1.1) unstable; urgency=high
* SECURITY UPDATE: Multiple integer/buffer overflows.
* NMU to fix RC security bug (closes: #342288)
* Add debian/patches/04_CVE-2005-3191_2_3.patch taken from Ubuntu,
thanks to Martin Pitt:
* poppler/Stream.cc, DCTStream::readBaselineSOF(),
DCTStream::readProgressiveSOF(), DCTStream::readScanInfo():
- Check numComps for invalid values.
- http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
- CVE-2005-3191
* poppler/Stream.cc, StreamPredictor::StreamPredictor():
- Check rowBytes for invalid values.
- http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
- CVE-2005-3192
* poppler/JPXStream.cc, JPXStream::readCodestream():
- Check img.nXTiles * img.nYTiles for integer overflow.
- http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities
- CVE-2005-3193
-- Frank Küster <frank@debian.org> Fri, 23 Dec 2005 16:36:30 +0100
poppler (0.4.2-1) unstable; urgency=low
* GNOME Team upload.
* New upstream version.
* debian/control.in:
- updated the Build-Depends on libqt (Closes: #326130).
* debian/rules:
- updated the shlibs.
-- Sebastien Bacher <seb128@debian.org> Wed, 7 Sep 2005 12:41:48 +0200
poppler (0.4.0-1) unstable; urgency=low
* GNOME Team Upload.
* Rebuild for the CPP transition.
* New upstream version (Closes: #311133):
- fix some crashers (Closes: #315590, #312261, #309410).
- fix some rendering defaults (Closes: #314441, #315383, #309697, #308785).
* debian/control.in, debian/rules:
- build with the current cairo version (Closes: #321368, #318293).
- update for the renamed packages.
* debian/patches/01_CAN-2005-2097.patch:
- Patch from Ubuntu, thanks Martin Pitt.
- Check sanity of the TrueType "loca" table. Specially crafted broken
tables caused disk space exhaustion due to very large generated glyph
descriptions when attempting to fix the table.
- Upstream patch scheduled for xpdf 3.01.
- CAN-2005-2097
* debian/watch:
- fixed, patch by Jerome Warnier <jwarnier@beeznest.net> (Closes: #310996).
-- Sebastien Bacher <seb128@debian.org> Wed, 17 Aug 2005 21:54:07 +0200
poppler (0.3.1-1) unstable; urgency=low
* New upstream release
* Upstream fixed the Qt build bug, so now I can enable Qt
build. (Closes: #307340) It leads to two new binary packages
libpoppler0-qt and libpoppler-qt-dev.
* Excluded DEB_CONFIGURE_SYSCONFDIR setting, which is obsolete by the
upstream removal of xpdfrc config.
-- Changwoo Ryu <cwryu@debian.org> Wed, 4 May 2005 00:19:35 +0900
poppler (0.3.0-2) unstable; urgency=high
* Added shlib version info for libpoppler0-glib.
* Corrected dependencies of libpoppler0-glib and libpoppler-glib-dev.
(Closes: #306897)
* Build-Depends on libgtk2.0-dev for -glib packages. (Closes: #306885)
* Corrected descriptions of -glib packages.
-- Changwoo Ryu <cwryu@debian.org> Thu, 28 Apr 2005 02:41:25 +0900
poppler (0.3.0-1) unstable; urgency=low
* New upstream release (Closes: #306573)
* Added new binary packages libpoppler0-glib and libpoppler-glib-dev,
which are GLib-based interfaces. Qt interface build is temporarily
disabled, because of an upstream FTBFS.
-- Changwoo Ryu <cwryu@debian.org> Thu, 28 Apr 2005 02:07:23 +0900
poppler (0.1.2-1) unstable; urgency=low
* Initial Release (Closes: #299518)
-- Changwoo Ryu <cwryu@debian.org> Tue, 15 Mar 2005 02:08:00 +0900