UbuntuUpdates.org

Latest Changelogs for all releases

All releases Bionic Focal Jammy Noble Oracular Plucky Xenial
Include all PPAs Exclude daily builds PPAs Exclude all PPAs
Include levels: securityupdatesproposedbackportsbase

Note: Only updates for "head" packages where the changelog is available are shown on this page (view all).

poppler Apr 30th 00:07
Release: plucky Repo: universe Level: updates New version: 25.03.0-3ubuntu1
Packages in group:  libpoppler-qt5-1t64 libpoppler-qt5-dev libpoppler-qt6-3t64 libpoppler-qt6-dev

  poppler (25.03.0-3ubuntu1) plucky; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 14:56:25 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

poppler Apr 30th 00:07
Release: plucky Repo: main Level: updates New version: 25.03.0-3ubuntu1
Packages in group:  gir1.2-poppler-0.18 libpoppler147 libpoppler-cpp2 libpoppler-cpp-dev libpoppler-dev libpoppler-glib8t64 libpoppler-glib-dev libpoppler-glib-doc libpoppler-private-dev poppler-utils

  poppler (25.03.0-3ubuntu1) plucky; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 14:56:25 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

poppler Apr 30th 00:07
Release: oracular Repo: universe Level: updates New version: 24.08.0-1ubuntu0.3
Packages in group:  libpoppler-qt5-1t64 libpoppler-qt5-dev libpoppler-qt6-3t64 libpoppler-qt6-dev

  poppler (24.08.0-1ubuntu0.3) oracular-security; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 15:03:15 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

poppler Apr 30th 00:07
Release: oracular Repo: main Level: updates New version: 24.08.0-1ubuntu0.3
Packages in group:  gir1.2-poppler-0.18 libpoppler140 libpoppler-cpp1 libpoppler-cpp-dev libpoppler-dev libpoppler-glib8t64 libpoppler-glib-dev libpoppler-glib-doc libpoppler-private-dev poppler-utils

  poppler (24.08.0-1ubuntu0.3) oracular-security; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 15:03:15 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

poppler Apr 30th 00:07
Release: noble Repo: universe Level: updates New version: 24.02.0-1ubuntu9.4
Packages in group:  libpoppler-glib-dev libpoppler-qt5-1t64 libpoppler-qt5-dev libpoppler-qt6-3t64 libpoppler-qt6-dev

  poppler (24.02.0-1ubuntu9.4) noble-security; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 14:59:17 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

poppler Apr 30th 00:07
Release: noble Repo: main Level: updates New version: 24.02.0-1ubuntu9.4
Packages in group:  gir1.2-poppler-0.18 libpoppler134 libpoppler-cpp0t64 libpoppler-cpp-dev libpoppler-dev libpoppler-glib8t64 libpoppler-glib-doc libpoppler-private-dev poppler-utils

  poppler (24.02.0-1ubuntu9.4) noble-security; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 14:59:17 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

poppler Apr 30th 00:07
Release: jammy Repo: universe Level: updates New version: 22.02.0-2ubuntu0.8
Packages in group:  libpoppler-qt5-1 libpoppler-qt5-dev

  poppler (22.02.0-2ubuntu0.8) jammy-security; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 14:59:10 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

poppler Apr 30th 00:07
Release: jammy Repo: main Level: updates New version: 22.02.0-2ubuntu0.8
Packages in group:  gir1.2-poppler-0.18 libpoppler118 libpoppler-cpp0v5 libpoppler-cpp-dev libpoppler-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc libpoppler-private-dev poppler-utils

  poppler (22.02.0-2ubuntu0.8) jammy-security; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 14:59:10 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

poppler Apr 30th 00:07
Release: focal Repo: universe Level: updates New version: 0.86.1-0ubuntu1.7
Packages in group:  libpoppler-qt5-1 libpoppler-qt5-dev

  poppler (0.86.1-0ubuntu1.7) focal-security; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 14:57:30 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

poppler Apr 30th 00:07
Release: focal Repo: main Level: updates New version: 0.86.1-0ubuntu1.7
Packages in group:  gir1.2-poppler-0.18 libpoppler97 libpoppler-cpp0v5 libpoppler-cpp-dev libpoppler-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc libpoppler-private-dev poppler-utils

  poppler (0.86.1-0ubuntu1.7) focal-security; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 14:57:30 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

poppler Apr 29th 23:07
Release: plucky Repo: universe Level: security New version: 25.03.0-3ubuntu1
Packages in group:  libpoppler-qt5-1t64 libpoppler-qt5-dev libpoppler-qt6-3t64 libpoppler-qt6-dev

  poppler (25.03.0-3ubuntu1) plucky; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 14:56:25 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

poppler Apr 29th 23:07
Release: plucky Repo: main Level: security New version: 25.03.0-3ubuntu1
Packages in group:  gir1.2-poppler-0.18 libpoppler147 libpoppler-cpp2 libpoppler-cpp-dev libpoppler-dev libpoppler-glib8t64 libpoppler-glib-dev libpoppler-glib-doc libpoppler-private-dev poppler-utils

  poppler (25.03.0-3ubuntu1) plucky; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 14:56:25 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

poppler Apr 29th 23:07
Release: oracular Repo: universe Level: security New version: 24.08.0-1ubuntu0.3
Packages in group:  libpoppler-qt5-1t64 libpoppler-qt5-dev libpoppler-qt6-3t64 libpoppler-qt6-dev

  poppler (24.08.0-1ubuntu0.3) oracular-security; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 15:03:15 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

poppler Apr 29th 23:07
Release: oracular Repo: main Level: security New version: 24.08.0-1ubuntu0.3
Packages in group:  gir1.2-poppler-0.18 libpoppler140 libpoppler-cpp1 libpoppler-cpp-dev libpoppler-dev libpoppler-glib8t64 libpoppler-glib-dev libpoppler-glib-doc libpoppler-private-dev poppler-utils

  poppler (24.08.0-1ubuntu0.3) oracular-security; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 15:03:15 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

libxml2 Apr 29th 23:07
Release: oracular Repo: main Level: security New version: 2.12.7+dfsg-3ubuntu0.3
Packages in group:  libxml2-dev libxml2-doc libxml2-utils

  libxml2 (2.12.7+dfsg-3ubuntu0.3) oracular-security; urgency=medium

  * SECURITY UPDATE: OOB access in python API
    - debian/patches/CVE-2025-32414-pre1.patch: fix SAX driver with
      character streams in python/drv_libxml2.py.
    - debian/patches/CVE-2025-32414-1.patch: read at most len/4 characters
      in python/libxml.c.
    - debian/patches/CVE-2025-32414-2.patch: add a test in
      python/tests/Makefile.am, python/tests/unicode.py.
    - CVE-2025-32414
  * SECURITY UPDATE: heap under-read in xmlSchemaIDCFillNodeTables
    - debian/patches/CVE-2025-32415.patch: fix heap buffer overflow in
      xmlSchemaIDCFillNodeTables in xmlschemas.c.
    - CVE-2025-32415

 -- Marc Deslauriers <email address hidden> Thu, 24 Apr 2025 14:42:32 -0400
CVE-2025-32414 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect
CVE-2025-32415 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a


About   -   Send Feedback to @ubuntu_updates