poppler: CVE-2019-10872

Related Vulnerabilities: CVE-2019-10872   CVE-2018-10872   CVE-2019-12293  

Debian Bug report logs - #926530

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 6 Apr 2019 15:51:02 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in versions poppler/0.48.0-2+deb9u2, poppler/0.71.0-3, poppler/0.48.0-1

Fixed in version poppler/0.71.0-5

Done: Moritz Muehlenhoff <jmm@debian.org>

Forwarded to https://gitlab.freedesktop.org/poppler/poppler/issues/750



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>:
Bug#926530; Package src:poppler. (Sat, 06 Apr 2019 15:51:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>. (Sat, 06 Apr 2019 15:51:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: poppler: CVE-2019-10872
Date: Sat, 06 Apr 2019 17:46:51 +0200
Source: poppler
Version: 0.71.0-3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.freedesktop.org/poppler/poppler/issues/750
Control: found -1 0.48.0-1
Control: found -1 0.48.0-2+deb9u2

Hi,

The following vulnerability was published for poppler.

CVE-2019-10872[0]:
| An issue was discovered in Poppler 0.74.0. There is a heap-based
| buffer over-read in the function Splash::blitTransparent at
| splash/Splash.cc.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-10872
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10872
[1] https://gitlab.freedesktop.org/poppler/poppler/issues/750
[2] https://bugzilla.novell.com/show_bug.cgi?id=1131722

Regards,
Salvatore



Marked as found in versions poppler/0.48.0-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Sat, 06 Apr 2019 15:51:05 GMT)


Marked as found in versions poppler/0.48.0-2+deb9u2. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Sat, 06 Apr 2019 15:51:05 GMT)


Added tag(s) fixed-upstream. Request was from debian-bts-link@lists.debian.org to control@bugs.debian.org. (Thu, 16 May 2019 19:30:06 GMT)


Reply sent to Moritz Muehlenhoff <jmm@debian.org>:
You have taken responsibility. (Mon, 27 May 2019 21:36:03 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 27 May 2019 21:36:03 GMT)


Message #16 received at 926530-close@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: 926530-close@bugs.debian.org
Subject: Bug#926530: fixed in poppler 0.71.0-5
Date: Mon, 27 May 2019 21:34:07 +0000
Source: poppler
Source-Version: 0.71.0-5

We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 926530@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <jmm@debian.org> (supplier of updated poppler package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 May 2019 22:51:48 +0200
Source: poppler
Binary: gir1.2-poppler-0.18 libpoppler-cpp-dev libpoppler-cpp0v5 libpoppler-cpp0v5-dbgsym libpoppler-dev libpoppler-glib-dev libpoppler-glib-doc libpoppler-glib8 libpoppler-glib8-dbgsym libpoppler-private-dev libpoppler-qt5-1 libpoppler-qt5-1-dbgsym libpoppler-qt5-dev libpoppler82 libpoppler82-dbgsym poppler-utils poppler-utils-dbgsym
Architecture: source amd64 all
Version: 0.71.0-5
Distribution: unstable
Urgency: medium
Maintainer: Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Description:
 gir1.2-poppler-0.18 - GObject introspection data for poppler-glib
 libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface)
 libpoppler-cpp0v5 - PDF rendering library (CPP shared library)
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface
 libpoppler-glib8 - PDF rendering library (GLib-based shared library)
 libpoppler-private-dev - PDF rendering library -- private development files
 libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library)
 libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface)
 libpoppler82 - PDF rendering library
 poppler-utils - PDF utilities (based on Poppler)
Closes: 926530 929423
Changes:
 poppler (0.71.0-5) unstable; urgency=medium
 .
   * CVE-2018-10872 (Closes: #926530)
   * CVE-2019-12293 (Closes: #929423)
Checksums-Sha1:
 ef0f005b6a4beca7881d91ec31f7442c2f27e71d 3290 poppler_0.71.0-5.dsc
 aa9a1bdeaa67c62bf25dea1b11f2b46abc3b9559 39792 poppler_0.71.0-5.debian.tar.xz
 263f0ee515ccdc084b3ab79d13b7a7f7518beabc 38056 gir1.2-poppler-0.18_0.71.0-5_amd64.deb
 0a36abb081a395d3cf0d2e5d73851ce28ba5c1c0 28520 libpoppler-cpp-dev_0.71.0-5_amd64.deb
 646f6ba5981d396c81d7c8b99c3c8467b4f55210 805160 libpoppler-cpp0v5-dbgsym_0.71.0-5_amd64.deb
 e0f0e4224ab3dbf1a2ae7be563f4f43bcac7931b 52480 libpoppler-cpp0v5_0.71.0-5_amd64.deb
 1a2978a70b7269d17635fac2408f5ff83ec01e50 23736 libpoppler-dev_0.71.0-5_amd64.deb
 964896c5c6368f603bcfc19aeed6315422e97292 68516 libpoppler-glib-dev_0.71.0-5_amd64.deb
 da5c55210307274b0b95b24be87e48138770a806 91528 libpoppler-glib-doc_0.71.0-5_all.deb
 c5222b9b66f3ef507fc75a0737ae38746aab294e 1686332 libpoppler-glib8-dbgsym_0.71.0-5_amd64.deb
 b5cc1b638909a61a64192d148ed4821efabb885a 124688 libpoppler-glib8_0.71.0-5_amd64.deb
 3df508a8b67e50797c42ea6cf3a192772bcae7cd 187440 libpoppler-private-dev_0.71.0-5_amd64.deb
 49e83fe120cc0aed9e4ed8a2b4b57b75a608ca81 4290056 libpoppler-qt5-1-dbgsym_0.71.0-5_amd64.deb
 bc7d6bbdd8e4da140cbd989554aa5b09cb0120cf 157648 libpoppler-qt5-1_0.71.0-5_amd64.deb
 a15942b087dd72f115922d4aa4c7261af3b524f8 52000 libpoppler-qt5-dev_0.71.0-5_amd64.deb
 df87dc4cc706abff1178d5dd519b1ee231002929 7751808 libpoppler82-dbgsym_0.71.0-5_amd64.deb
 bd003bafe34e4865e5175e0b5c0b9bf600171112 1506548 libpoppler82_0.71.0-5_amd64.deb
 14ddc9b984a9882626d6222f02983388faa85561 2942836 poppler-utils-dbgsym_0.71.0-5_amd64.deb
 66733055a7ec6b2d80e36ed6520486d6bf1eb56e 184268 poppler-utils_0.71.0-5_amd64.deb
 d4bd80b80cefddeb0b384fc538b11898a4358466 18368 poppler_0.71.0-5_amd64.buildinfo
Checksums-Sha256:
 4d6ade0a08aea864c8f5beb1e621cf04b68237064352b7dc4162a75abb45866e 3290 poppler_0.71.0-5.dsc
 0e70d8bcd9deb7ff07e998aa5541ea6a95ade8fd1aac9bdbdae02a0585eb6757 39792 poppler_0.71.0-5.debian.tar.xz
 dd153f088010b87ca850ccb0724a61cfb848328f82b2606a628071e6549bad87 38056 gir1.2-poppler-0.18_0.71.0-5_amd64.deb
 843f86986bbdfb0b184b8d2648c65e1af347907bd021d351fbd30c520c09cc00 28520 libpoppler-cpp-dev_0.71.0-5_amd64.deb
 995fb3158da493f1822a3aabd12d8c5cb968558a094680a998bcfd424cdea32b 805160 libpoppler-cpp0v5-dbgsym_0.71.0-5_amd64.deb
 f306ae1b40f0e45ecf2f010f2db3eb48fadc689da19ac454773bfc16e28fcde7 52480 libpoppler-cpp0v5_0.71.0-5_amd64.deb
 8d751677c2b27d4bbb228d0935bf9959f4c7b9bc6bd9b124a22e4c1c9789b802 23736 libpoppler-dev_0.71.0-5_amd64.deb
 41bd2dd0af3a2577dd98912f7af5c07e3fdbebd59f894d8a9d6ab8f87058964c 68516 libpoppler-glib-dev_0.71.0-5_amd64.deb
 dfb3d6df288d2e52ab8ca5921f60b6290637566342cbea7dc896cce45fe9353c 91528 libpoppler-glib-doc_0.71.0-5_all.deb
 160f89281ece885eb8f53f7512fafccfebb5290e9b17bb367e3696fbefe8c5f5 1686332 libpoppler-glib8-dbgsym_0.71.0-5_amd64.deb
 3a63046ec519b8cf326a29e4fa95ff33e5c0f252953df212ffad871a58e4a024 124688 libpoppler-glib8_0.71.0-5_amd64.deb
 7c0325ef0e60845f5c42f6fcfbbd30c150de97fbc8327d1cf632d0adf309f95a 187440 libpoppler-private-dev_0.71.0-5_amd64.deb
 fa6c4aeffbc6602cde85d2030937fad08df16ee85a3f2363610e236e3f611ca6 4290056 libpoppler-qt5-1-dbgsym_0.71.0-5_amd64.deb
 a6c5f9fe56baadb5c0c75dbec1e8f893244a0b0feea4c2ae70eda773af70bb43 157648 libpoppler-qt5-1_0.71.0-5_amd64.deb
 f0a7a58f823b5a5fc5b09ba28b5602b6230902cae7c0d9c34e035ece5ef05539 52000 libpoppler-qt5-dev_0.71.0-5_amd64.deb
 b1b8fa3229d94a7291fb23cb1420eb8ae658ceabe01e268b03edb89ce4d51af5 7751808 libpoppler82-dbgsym_0.71.0-5_amd64.deb
 803a32bab6406429fefe53b9502386e2f831a347562eddf490b2a4c5b6fb410f 1506548 libpoppler82_0.71.0-5_amd64.deb
 bedb06eaad46ece9bcfee7ec0a6c43fbb10ded62851b76586a20cbd37d3769cd 2942836 poppler-utils-dbgsym_0.71.0-5_amd64.deb
 8a9a66203a42fe532118c154a67d626b84862cdcabe1db144218af2bdc65fa3a 184268 poppler-utils_0.71.0-5_amd64.deb
 1b956516d16b3e5be881f7ba50477b5cd469f566af75d0910e5a1c4e4d5909f4 18368 poppler_0.71.0-5_amd64.buildinfo
Files:
 cea484a824faa14bab2716e25de50088 3290 devel optional poppler_0.71.0-5.dsc
 4b5901b38914c6b307108c7e81cb2685 39792 devel optional poppler_0.71.0-5.debian.tar.xz
 4c151721b672dcf1417142f3cb220436 38056 introspection optional gir1.2-poppler-0.18_0.71.0-5_amd64.deb
 4da764fa6256915fdf336461feaed695 28520 libdevel optional libpoppler-cpp-dev_0.71.0-5_amd64.deb
 559cb0fc17f5aa62dae32c29b3c429f8 805160 debug optional libpoppler-cpp0v5-dbgsym_0.71.0-5_amd64.deb
 84f47c27bed1f8cee827d39993d4ea48 52480 libs optional libpoppler-cpp0v5_0.71.0-5_amd64.deb
 41a399ad5bd26a51e7d5eee08c429bca 23736 libdevel optional libpoppler-dev_0.71.0-5_amd64.deb
 68ccd949b1a583be6e94add4960fcbd4 68516 libdevel optional libpoppler-glib-dev_0.71.0-5_amd64.deb
 929c8ffe21b7b1d590781617712e6774 91528 doc optional libpoppler-glib-doc_0.71.0-5_all.deb
 877abcb4e947052fa834703ba3ddaea7 1686332 debug optional libpoppler-glib8-dbgsym_0.71.0-5_amd64.deb
 01b4707c2cfb0431e274aba99a23850e 124688 libs optional libpoppler-glib8_0.71.0-5_amd64.deb
 ef20064043a612c8a8e571e4e5ffc766 187440 libdevel optional libpoppler-private-dev_0.71.0-5_amd64.deb
 de5e01e05f90c2e86e64e4007264eb5c 4290056 debug optional libpoppler-qt5-1-dbgsym_0.71.0-5_amd64.deb
 27db99c27dd71c9b294cdb3799e44025 157648 libs optional libpoppler-qt5-1_0.71.0-5_amd64.deb
 a0202d6e1b772ddde198e89eadf0f128 52000 libdevel optional libpoppler-qt5-dev_0.71.0-5_amd64.deb
 e5df2829cc028d57159184882c0a6315 7751808 debug optional libpoppler82-dbgsym_0.71.0-5_amd64.deb
 92cdac9096a4b152be2acb80c43b2350 1506548 libs optional libpoppler82_0.71.0-5_amd64.deb
 1b1621dc3bc4c77e3a070bb9afda3365 2942836 debug optional poppler-utils-dbgsym_0.71.0-5_amd64.deb
 a09565b0c5b1622a4064ee376e18d7be 184268 utils optional poppler-utils_0.71.0-5_amd64.deb
 d596c218eae63fc45eeb916984dc288d 18368 devel optional poppler_0.71.0-5_amd64.buildinfo

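The .changes file above carries three checksum tables (Checksums-Sha1, Checksums-Sha256 and the MD5-based Files field) for every artefact of the upload. The block below is an added example, not dpkg-dev, devscripts or any other Debian tooling: it parses those fields in the layout shown above and checks the named files in a local directory, reporting size and digest mismatches separately, and it refuses to follow directory components in a file name so a hostile .changes cannot point it outside the directory. The three poppler_0.71.0-5.dsc entries in CHANGES_EXCERPT are copied from the .changes above; the files used by the demo function are constructed test data, not poppler artefacts. Verifying the OpenPGP signature on the .changes itself (the signature on this page is not reproduced in full) is a separate step that this example does not perform.

```python
"""Verify downloaded files against the checksum fields of a Debian .changes.

Added example, not Debian tooling.  Assumes the field layout shown on
this page: indented continuation lines of the form
'<digest> <size> [section priority] <filename>'.
"""
import hashlib
import os
import tempfile

# .changes field name -> hashlib algorithm name.
_FIELD_ALGO = {
    "Checksums-Sha256": "sha256",
    "Checksums-Sha1": "sha1",
    "Files": "md5",
}

# The poppler_0.71.0-5.dsc lines from the .changes on this page.
CHANGES_EXCERPT = """\
Checksums-Sha1:
 ef0f005b6a4beca7881d91ec31f7442c2f27e71d 3290 poppler_0.71.0-5.dsc
Checksums-Sha256:
 4d6ade0a08aea864c8f5beb1e621cf04b68237064352b7dc4162a75abb45866e 3290 poppler_0.71.0-5.dsc
Files:
 cea484a824faa14bab2716e25de50088 3290 devel optional poppler_0.71.0-5.dsc
"""


def parse_changes_checksums(text: str) -> dict:
    """Return {algorithm: {filename: (hexdigest, size)}} for the known fields."""
    result = {}
    current = None
    for line in text.splitlines():
        if line[:1] in (" ", "\t"):
            # Continuation line; only meaningful inside a checksum field.
            # The Files field has extra section/priority columns, so the
            # file name is always the last token and the digest the first.
            if current:
                parts = line.split()
                if len(parts) >= 3:
                    result[current][parts[-1]] = (parts[0].lower(), int(parts[1]))
            continue
        current = None
        field, sep, _ = line.partition(":")
        if sep and field in _FIELD_ALGO:
            current = _FIELD_ALGO[field]
            result.setdefault(current, {})
    return result


def verify_changes(text: str, directory: str, algo: str = "sha256") -> dict:
    """Check every file listed for `algo`.

    Returns {filename: 'ok' | 'missing' | 'size-mismatch' | 'digest-mismatch'}.
    The size is compared first: it is cheap and catches truncated downloads
    before any hashing is done.
    """
    entries = parse_changes_checksums(text).get(algo, {})
    status = {}
    for name, (digest, size) in entries.items():
        # basename() strips any directory components from the .changes entry.
        path = os.path.join(directory, os.path.basename(name))
        if not os.path.isfile(path):
            status[name] = "missing"
            continue
        if os.path.getsize(path) != size:
            status[name] = "size-mismatch"
            continue
        h = hashlib.new(algo)
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
        status[name] = "ok" if h.hexdigest() == digest else "digest-mismatch"
    return status


def demo() -> dict:
    """Run on constructed data: both files contain b'hello\\n' (6 bytes);
    bad.txt is listed with a deliberately wrong digest, absent.txt is not
    written at all, and '../good.txt' checks the basename protection."""
    sample = (
        "Checksums-Sha256:\n"
        " 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 6 good.txt\n"
        " 0000000000000000000000000000000000000000000000000000000000000000 6 bad.txt\n"
        " 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 6 absent.txt\n"
        " 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 7 ../good.txt\n"
        "Files:\n"
        " b1946ac92492d2347c6235b4d2611184 6 utils optional good.txt\n"
    )
    with tempfile.TemporaryDirectory() as d:
        for name in ("good.txt", "bad.txt"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"hello\n")
        return {"sha256": verify_changes(sample, d, "sha256"),
                "md5": verify_changes(sample, d, "md5")}


if __name__ == "__main__":
    for algo, result in demo().items():
        print(algo, result)
```

The Files (MD5) table is kept only because the format still carries it; a practitioner should treat the SHA-256 table as the authoritative one and regard the table as trustworthy only after the signature on the .changes has been checked against the uploader's key.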






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:10:36 2019; Machine Name: buxtehude
