dgit.raspbian.org Git - poppler.git/log

Juraj Šarinay [Thu, 6 Mar 2025 01:02:56 +0000 (02:02 +0100)]

Properly verify adbe.pkcs7.sha1 signatures.

For signatures with non-empty encapsulated content
(typically adbe.pkcs7.sha1), we only compared hash values and
never actually checked SignatureValue within SignerInfo.
The bug introduced by c7c0207b1cfe49a4353d6cda93dbebef4508138f
made trivial signature forgeries possible. Fix this by calling
NSS_CMSSignerInfo_Verify() after the hash values compare equal.

Origin: upstream 25.04.0

Gbp-Pq: Name CVE-2025-43903.patch

commit | commitdiff | tree

Albert Astals Cid [Mon, 31 Mar 2025 12:35:49 +0000 (14:35 +0200)]

[PATCH] Move isOk check to inside JBIG2Bitmap::combine

Origin: upstream 25.04

Gbp-Pq: Name CVE-2025-32365.patch

commit | commitdiff | tree

Albert Astals Cid [Sun, 23 Mar 2025 23:44:54 +0000 (00:44 +0100)]

[PATCH] PSStack::roll: Protect against doing int = -INT_MIN

Origin: upstream 25.04

Gbp-Pq: Name CVE-2025-32364.patch

commit | commitdiff | tree

Jeremy Bícha [Mon, 28 Jul 2025 08:55:12 +0000 (10:55 +0200)]

poppler (25.03.0-5) unstable; urgency=high

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via reference count overflow
    - debian/patches/CVE-2025-52886.patch: limit amount of annots per
      document/page in poppler/Annot.cc, poppler/Page.cc.
    - CVE-2025-52886 (Closes: #1108784)

[dgit import unpatched poppler 25.03.0-5]

commit | commitdiff | tree

Jeremy Bícha [Mon, 28 Jul 2025 08:55:12 +0000 (10:55 +0200)]

Import poppler_25.03.0-5.debian.tar.xz

[dgit import tarball poppler 25.03.0-5 poppler_25.03.0-5.debian.tar.xz]

commit | commitdiff | tree

Jeremy Bícha [Tue, 4 Mar 2025 21:22:49 +0000 (16:22 -0500)]

Import poppler_25.03.0.orig.tar.xz

[dgit import orig poppler_25.03.0.orig.tar.xz]

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom