UbuntuUpdates.org

Package "poppler"

Name: poppler

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • PDF rendering library (Qt 5 based shared library)
  • PDF rendering library -- development files (Qt 5 interface)

Latest version: 0.74.0-0ubuntu1.3
Release: disco (19.04)
Level: updates
Repository: universe

Links

Save this URL for the latest version of "poppler": https://www.ubuntuupdates.org/poppler



Other versions of "poppler" in Disco

Repository Area Version
base main 0.74.0-0ubuntu1
base universe 0.74.0-0ubuntu1
security universe 0.74.0-0ubuntu1.3
security main 0.74.0-0ubuntu1.3
updates main 0.74.0-0ubuntu1.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.74.0-0ubuntu1.3 2019-08-12 14:07:46 UTC

  poppler (0.74.0-0ubuntu1.3) disco-security; urgency=medium

  * SECURITY UPDATE: Divide-by-zero error
    - debian/patches/CVE-2019-14494.patch: Fix crash on broken file
      in poppler/SplashOutputDev.cc.
    - CVE-2019-14494

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 07 Aug 2019 14:15:21 -0300

Source diff to previous version
CVE-2019-14494 An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutput

Version: 0.74.0-0ubuntu1.2 2019-06-27 17:07:15 UTC

  poppler (0.74.0-0ubuntu1.2) disco-security; urgency=medium

  * SECURITY UPDATE: DoS via crafted PDF file
    - debian/patches/CVE-2018-20662.patch: check XRef's Catalog for being a
      Dict in utils/pdfunite.cc.
    - CVE-2018-20662
  * SECURITY UPDATE: buffer underwrite in ImageStream::getLine()
    - debian/patches/CVE-2019-9200.patch: add check to poppler/Stream.cc.
    - CVE-2019-9200
  * SECURITY UPDATE: buffer over-read in downsample_row_box_filter
    - debian/patches/CVE-2019-9631-1.patch: compute correct coverage values
      for box filter in poppler/CairoRescaleBox.cc.
    - debian/patches/CVE-2019-9631-2.patch: constrain number of cycles in
      rescale filter in poppler/CairoRescaleBox.cc.
    - CVE-2019-9631
  * SECURITY UPDATE: dict marking mishandling
    - debian/patches/CVE-2019-9903.patch: fix stack overflow on broken file
      in poppler/PDFDoc.cc.
    - CVE-2019-9903
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-10872.patch: restrict filling of overlapping
      boxes in splash/Splash.cc.
    - CVE-2019-10872
  * SECURITY UPDATE: NULL pointer dereference in SplashClip::clipAALine
    - debian/patches/CVE-2019-10873.patch: make sure the index of
      allIntersections we access is valid in splash/SplashXPathScanner.cc.
    - CVE-2019-10873
  * SECURITY UPDATE: buffer over-read in JPXStream::init
    - debian/patches/CVE-2019-12293.patch: fail gracefully if not all
      components have the same WxH in poppler/JPEG2000Stream.cc.
    - CVE-2019-12293

 -- Marc Deslauriers <email address hidden> Wed, 26 Jun 2019 07:16:49 -0400

Source diff to previous version
CVE-2018-20662 In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of
CVE-2019-9200 A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending
CVE-2019-9631 Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
CVE-2019-9903 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.
CVE-2019-10872 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
CVE-2019-10873 An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.
CVE-2019-12293 In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or width

Version: 0.74.0-0ubuntu1.1 2019-05-28 22:06:59 UTC

  poppler (0.74.0-0ubuntu1.1) disco; urgency=medium

  * debian/patches/git_unicode_search.patch:
    - backport a fix for a regression on case-insensitive search
      (lp: #1829785)

 -- Sebastien Bacher <email address hidden> Tue, 21 May 2019 16:30:23 +0200

1829785 Evince: \u221e not found



About   -   Send Feedback to @ubuntu_updates