UbuntuUpdates.org

Package "libpoppler-glib-doc"

Name: libpoppler-glib-doc

Description:

PDF rendering library -- documentation for the GLib interface

Latest version: 0.62.0-2ubuntu2.8
Release: bionic (18.04)
Level: security
Repository: main
Head package: poppler
Homepage: http://poppler.freedesktop.org/

Links

Save this URL for the latest version of "libpoppler-glib-doc": https://www.ubuntuupdates.org/libpoppler-glib-doc


Download "libpoppler-glib-doc"


Other versions of "libpoppler-glib-doc" in Bionic

Repository Area Version
base main 0.62.0-2ubuntu2
updates main 0.62.0-2ubuntu2.8

Changelog

Version: 0.62.0-2ubuntu2.8 2019-03-11 13:06:48 UTC

  poppler (0.62.0-2ubuntu2.8) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-9200.patch: fix in
      poppler/Stream.cc.
    - CVE-2019-9200

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 28 Feb 2019 09:28:47 -0300

Source diff to previous version
CVE-2019-9200 A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending

Version: 0.62.0-2ubuntu2.7 2019-02-11 13:06:25 UTC

  poppler (0.62.0-2ubuntu2.7) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20551.patch: fix in
      poppler/Annot.cc.
    - CVE-2018-20551
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-7310.patch: fix in
      poppler/XRef.cc.
    - CVE-2019-7310

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 08 Feb 2019 09:50:52 -0300

Source diff to previous version
CVE-2018-20551 A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media ann
CVE-2019-7310 In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attacke

Version: 0.62.0-2ubuntu2.6 2019-01-22 15:07:03 UTC

  poppler (0.62.0-2ubuntu2.6) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20481.patch: fix in
      poppler/XRef.cc.
    - CVE-2018-20481
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20650.patch: fix in
      poppler/FileSpec.cc.
    - CVE-2018-20650

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 21 Jan 2019 10:55:43 -0300

Source diff to previous version
CVE-2018-20481 XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL poi
CVE-2018-20650 A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data

Version: 0.62.0-2ubuntu2.5 2018-12-11 18:07:19 UTC

  poppler (0.62.0-2ubuntu2.5) bionic-security; urgency=medium

  * SECURITY REGRESSION: fixing regression in check entry
    - debian/patches/CVE-2018-16646-fix-regression-p1.patch
    - debian/patches/CVE-2018-16646-fix-regression-p2.patch

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 10 Dec 2018 14:14:38 -0300

Source diff to previous version
CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this fo

Version: 0.62.0-2ubuntu2.4 2018-12-04 13:07:01 UTC

  poppler (0.62.0-2ubuntu2.4) bionic-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: infinite recursion via crafted file
    - debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in
      poppler/Parser.cc, poppler/XRef.h.
    - CVE-2018-16646
  * SECURITY UPDATE: denial of service via reachable abort
    - debian/patches/CVE-2018-19058.patch: check for stream before calling
      stream methods when saving an embedded file in poppler/FileSpec.cc.
    - CVE-2018-19058
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - debian/patches/CVE-2018-19059.patch: check for valid embedded file
      before trying to save it in utils/pdfdetach.cc.
    - CVE-2018-19059
  * SECURITY UPDATE: denial of service via NULL pointer dereference
    - debian/patches/CVE-2018-19060.patch: check for valid file name of
      embedded file in utils/pdfdetach.cc.
    - CVE-2018-19060

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 30 Nov 2018 14:36:01 -0300

CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this fo
CVE-2018-19058 An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.
CVE-2018-19059 An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonst
CVE-2018-19060 An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by



About   -   Send Feedback to @ubuntu_updates