UbuntuUpdates.org

Package "libpoppler-glib-doc"

Name: libpoppler-glib-doc

Description:

PDF rendering library -- documentation for the GLib interface

Latest version: 0.68.0-0ubuntu1.6
Release: cosmic (18.10)
Level: updates
Repository: main
Head package: poppler
Homepage: http://poppler.freedesktop.org/

Links

Save this URL for the latest version of "libpoppler-glib-doc": https://www.ubuntuupdates.org/libpoppler-glib-doc


Download "libpoppler-glib-doc"


Other versions of "libpoppler-glib-doc" in Cosmic

Repository Area Version
base main 0.68.0-0ubuntu1
security main 0.68.0-0ubuntu1.6

Changelog

Version: 0.68.0-0ubuntu1.6 2019-03-11 14:06:54 UTC

  poppler (0.68.0-0ubuntu1.6) cosmic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-9200.patch: fix in
      poppler/Stream.cc.
    - CVE-2019-9200

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 28 Feb 2019 12:47:51 -0300

Source diff to previous version
CVE-2019-9200 A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending

Version: 0.68.0-0ubuntu1.5 2019-02-11 14:06:29 UTC

  poppler (0.68.0-0ubuntu1.5) cosmic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20551.patch: fix in
      poppler/Annot.cc.
    - CVE-2018-20551
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-7310.patch: fix in
      poppler/XRef.cc.
    - CVE-2019-7310

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 08 Feb 2019 12:12:49 -0300

Source diff to previous version
CVE-2018-20551 A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media ann
CVE-2019-7310 In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attacke

Version: 0.68.0-0ubuntu1.4 2019-01-22 16:07:10 UTC

  poppler (0.68.0-0ubuntu1.4) cosmic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20481.patch: fix in
      poppler/XRef.cc.
    - CVE-2018-20481
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20650.patch: fix in
      poppler/FileSpec.cc.
    - CVE-2018-20650

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 21 Jan 2019 09:54:17 -0300

Source diff to previous version
CVE-2018-20481 XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL poi
CVE-2018-20650 A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data

Version: 0.68.0-0ubuntu1.3 2018-12-11 19:07:14 UTC

  poppler (0.68.0-0ubuntu1.3) cosmic-security; urgency=medium

  * SECURITY REGRESSION: fixing regression in check entry
    - debian/patches/CVE-2018-16646-fix-regression-p1.patch
    - debian/patches/CVE-2018-16646-fix-regression-p2.patch

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 10 Dec 2018 15:46:44 -0300

Source diff to previous version
CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this fo

Version: 0.68.0-0ubuntu1.2 2018-12-04 14:06:54 UTC

  poppler (0.68.0-0ubuntu1.2) cosmic-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: infinite recursion via crafted file
    - debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in
      poppler/Parser.cc, poppler/XRef.h.
    - CVE-2018-16646
  * SECURITY UPDATE: denial of service via reachable abort
    - debian/patches/CVE-2018-19058.patch: check for stream before calling
      stream methods when saving an embedded file in poppler/FileSpec.cc.
    - CVE-2018-19058
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - debian/patches/CVE-2018-19059.patch: check for valid embedded file
      before trying to save it in utils/pdfdetach.cc.
    - CVE-2018-19059
  * SECURITY UPDATE: denial of service via NULL pointer dereference
    - debian/patches/CVE-2018-19060.patch: check for valid file name of
      embedded file in utils/pdfdetach.cc.
    - CVE-2018-19060

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 03 Dec 2018 13:14:23 -0300

CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this fo
CVE-2018-19058 An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.
CVE-2018-19059 An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonst
CVE-2018-19060 An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by



About   -   Send Feedback to @ubuntu_updates