poppler (0.12.4-1.2+squeeze4) squeeze-lts; urgency=low * Abort after processing libjpeg errors rather than returning the execution to it. (Closes: #722705) -- Raphael Geissert Wed, 30 Jul 2014 16:51:36 +0200 poppler (0.12.4-1.2+squeeze3) oldstable-security; urgency=high * Upload to oldstable-security. -- Michael Gilbert Sun, 07 Jul 2013 18:46:43 +0000 poppler (0.12.4-1.2+squeeze2) stable; urgency=high * Non-maintainer upload by the Security Team. * Fix cve-2013-1788: invalid memory access issues. * Fix cve-2013-1790: uninitialized memory issue. -- Michael Gilbert Fri, 05 Jul 2013 21:25:34 +0000 poppler (0.12.4-1.2+squeeze1) stable; urgency=low * Add myself as uploader. * Fix CVE-2010-0206. * Fix CVE-2010-0207; patch adapted to be API-/ABI-compatible. * Fix CVE-2010-4653; patch adapted to include object.h instead of goo/GooLikely.h (non-existent in poppler 0.12.x). * Backport upstream commits 7ba15d11e56175601104d125d5e4a47619c224bf and 55940e989701eb9118015e30f4f48eb654fa34c4 to fix GooString::insert; patch upstream_fix-GooString-insert.diff. (Closes: #693817) * Correctly initialize PSOutputDev::fontFileNameLen and PSOutputDev::psFileNames; patch psoutputdev-initialize-vars.diff. (Closes: #699421) -- Pino Toscano Thu, 14 Feb 2013 13:05:25 +0100 poppler (0.12.4-1.2) unstable; urgency=medium * Non-maintainer upload by the Security Team * Fix CVE-2010-3702, CVE-2010-3703, CVE-2010-3704 and several crashers (Closes:#599165) -- Moritz Mühlenhoff Sat, 23 Oct 2010 15:59:04 +0200 poppler (0.12.4-1.1) unstable; urgency=high * Non-maintainer upload. * Do not conflict with newer versions of xpdf-utils (closes: #586620). -- Michael Gilbert Fri, 06 Aug 2010 18:51:54 -0400 poppler (0.12.4-1) unstable; urgency=low * New upstream release. * Bump Qt requirements. -- Josselin Mouette Fri, 16 Apr 2010 19:22:34 +0200 poppler (0.12.2-2.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fixed CVE-2009-3938 (Closes: #534680) -- Giuseppe Iuculano Tue, 22 Dec 2009 16:11:27 +0100 poppler (0.12.2-2) unstable; urgency=low * Switch to quilt to manage patches. * 01_revert_abi_change.patch: revert upstream commit that introduced an ABI change in a stable release. Closes: #558463. * 02_autohinting_abi_compatibility.patch: revert part of another upstream commit for a similar reason. -- Josselin Mouette Mon, 30 Nov 2009 16:51:53 +0100 poppler (0.12.2-1) unstable; urgency=low * New upstream release. -- Josselin Mouette Sat, 28 Nov 2009 13:24:28 +0100 poppler (0.12.0-2.1) unstable; urgency=low * Non-maintainer upload. * Include fofi/*.h in /usr/include/poppler/fofi. Closes: #553445. -- Matt Kraai Tue, 10 Nov 2009 19:51:32 -0800 poppler (0.12.0-2) unstable; urgency=low * copyright: add complete list of copyright holders. * Upload to unstable. Hold on to your pants. -- Josselin Mouette Sat, 17 Oct 2009 10:48:03 +0200 poppler (0.12.0-1) experimental; urgency=low * New upstream release. Closes: #530731. * Rename libpoppler4 to libpoppler5. * Bump shlibs versions. -- Josselin Mouette Thu, 24 Sep 2009 16:39:17 +0200 poppler (0.10.6-1) unstable; urgency=critical * Fix section for the debug package. * New upstream release. + Fix problems that happen when parsing broken JBIG2 files. CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188. * Bump libqt4 requirement. * 10_jpxstream_int_crash.patch: removed, upstream has merged a different fix quite a while ago. * Standards version is 3.8.1. -- Josselin Mouette Wed, 01 Apr 2009 18:30:04 +0200 poppler (0.10.5-1) unstable; urgency=low [ Pino Toscano ] * New upstream release, no API nor ABI changes. + Fixes crash when rendering documents with optional content. (Closes: #519494) * Remove lintian override for poppler-dbg, which is no more needed with lintian >= 2.2.1. -- Josselin Mouette Wed, 01 Apr 2009 15:19:53 +0200 poppler (0.10.4-3) unstable; urgency=low * Revert previous upload, now openjpeg was built successfully on alpha. * Build-depend on libglib2.0-doc to ensure proper xrefs. -- Josselin Mouette Tue, 10 Mar 2009 12:03:06 +0100 poppler (0.10.4-2) unstable; urgency=low * Don’t require openjpeg on alpha, since it doesn’t build there. -- Josselin Mouette Sun, 08 Mar 2009 03:33:50 +0100 poppler (0.10.4-1) unstable; urgency=low [ Pino Toscano ] * New upstream stable release, with ABI and API changes wrt poppler 0.8. - Rename libpoppler3 to libpoppler4, libpoppler-glib3 to libpoppler-glib4; libpoppler-qt2 and libpoppler-qt4-3 are not renamed; update control, DEB_DH_MAKESHLIBS_ARGS_* in rules, and rename install files. - Add shlib version for libpoppler-qt4-3. - Drop patches 60_manpages-cfg-flag.patch, 61_manpages-hyphens.patch, and 62_pdftops-mandatory-arg.patch, merged upstream. * Build-dep on libopenjpeg-dev for better JPEG2000 reading. [ Josselin Mouette ] * Build-depend explicitly on libjpeg-dev, libfreetype6-dev and libxml2-dev. * Bump requirement on libqt4-dev. -- Josselin Mouette Fri, 06 Mar 2009 12:54:09 +0100 poppler (0.8.7-1) unstable; urgency=low * Bump up Standards-Version to 3.8.0. * New patch, 61_manpages-hyphens, fixes escaping of hyphens in man pages; FreeDesktop #17225. * New patch, 62_pdftops-mandatory-arg, fixes synopsis of pdftops in man page to clarify that a PDF file is required in all cases; FreeDesktop #17226; closes: #491816. * Build-dep on cdbs (>= 0.4.52) and add a lintian override with rationale for the following lintian warning: W: poppler-dbg: dbg-package-missing-depends poppler * Add xrefs and CVE for #489756 in 0.8.5-1 as I didn't merge the 0.8.4-1.1 NMU. * New upstream release; no API change, bug fixes. -- Loic Minier Wed, 20 Aug 2008 17:36:12 +0200 poppler (0.8.6-1) unstable; urgency=low * Fix /usr/share/gtk-doc/html/poppler symlink to point at /usr/share/doc/libpoppler-glib-dev/html/poppler instead of /usr/share/doc/libpoppler-glib-dev/html; LP: #226677. * New upstream stable release; bug fixes, no API change. * New patch, 60_manpages-cfg-flag, drop unimplemented -cfg flag from man pages; FreeDesktop #17222; closes: #461961. * Rename patch 001_jpxstream_int_crash to 10_jpxstream_int_crash as we don't have that many patches; also add upstream bug id (FreeDesktop #5667) and refresh to apply cleanly. * Build-dep on pkg-config >= 0.18 to make sure -lpoppler is only in poppler-qt's Libs.private (it already is though); closes: #360595. -- Loic Minier Fri, 01 Aug 2008 15:04:05 +0200 poppler (0.8.5-1) unstable; urgency=low * New upstream release; no API changes, misc fixes. - Initializes pageWidgets in Page.cc, otherwise it can be a rubbish pointer as Annots is not a valid object; upstream commit fd0bf8b05cb155e2f29df31fa01964b12e710b89; CVE-2008-2950; closes: #489756. -- Loic Minier Wed, 30 Jul 2008 14:52:42 +0200 poppler (0.8.4-1) unstable; urgency=low * New upstream release; no API change. - Fixes crash when reloading PDFs; GNOME #536482; closes: 484160. -- Loic Minier Mon, 30 Jun 2008 10:44:16 +0200 poppler (0.8.3-1) unstable; urgency=low * New upstream release. Closes: #487214. + Fix crasher with some PDF files. Closes: #484224. -- Josselin Mouette Wed, 25 Jun 2008 16:40:39 +0200 poppler (0.8.2-2) unstable; urgency=low * Upload to unstable. * Set myself as Maintainer instead of Uploader, taking over from Ondřej Surý but I wish we move to an official team; closes: #481323. -- Loic Minier Thu, 15 May 2008 12:33:18 +0200 poppler (0.8.2-1) experimental; urgency=low * New upstream releases. - Drop patch 006_pthreads_ldflags, upstream now calls ACX_PTHREAD() in configure.ac which does the right thing. - Drop patch 102_embedded-font-fixes, merged upstream. -- Loic Minier Sun, 11 May 2008 01:02:22 +0200 poppler (0.8.0-1) experimental; urgency=low * Bump libcairo2-dev build-dep and dep to >= 1.4; thanks Marc 'HE' Brockschmidt. * New upstream stable release, with ABI and API changes; closes: #476323. - Rename libpoppler2 to libpoppler3, libpoppler-glib2 to libpoppler-glib3, and libpoppler-qt4-2 to libpoppler-qt4-3; NB: libpoppler-qt2 not renamed; update control, DEB_DH_MAKESHLIBS_ARGS_* in rules, rename install files. - Drop shlib version except for libpoppler-qt2. - Update patch 006_pthreads_ldflags for the version-info changes in poppler/Makefile.am. - Force usage of qt4's moc via a PATH setting; export PATH. * Let libpoppler-glib-dev depend on libglib2.0-dev >= 2.6 for consistency with build-deps. * New patch, 102_embedded-font-fixes; protects the methods of the Object class to be more robust and prevent things like CVE-2008-1693; see also FreeDesktop/Poppler #11392; taken from the Ubuntu package; closes: #476842. * Add a poppler-dbg package; closes: #408403. - Bump up cdbs build-dep to >= 0.4.51 for -dbg handling fixes. - Add poppler-dbg to control. -- Loic Minier Mon, 17 Mar 2008 21:00:13 +0100 poppler (0.6.4-1) unstable; urgency=medium * Add ${shlibs:Depends} to libpoppler-glib-dev, libpoppler-dev, libpoppler-qt-dev, libpoppler-qt4-dev. * Add ${misc:Depends}. * Cleanups. * New upstream releases; no API change; bug fixes; closes: #459342. * Fix copyright information to use version 2 of the GPL (instead of version 2 or later); thanks Timo Jyrinki for the patch; closes: #453865. * Urgency medium for RC bug fix. * List pdftohtml in poppler-utils' description; closes: #464439. * Drop libpoppler-qt-dev dependency from libpoppler-qt4-dev; thanks Pino Toscano; closes: #459922. * Bump up Standards-Version to 3.7.3. -- Loic Minier Fri, 18 Jan 2008 13:35:06 +0100 poppler (0.6.2-1) unstable; urgency=low * New upstream version. (Closes: #447992) * Dependency on xpdfrc was removed on 2007-02-25 (Closes: #347789, #440936) * Changes since 0.6.1: - Fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (Closes: #450628) - Fix a crash on documents with wrong CCITTFaxStream - Fix a crash in the Cairo renderer with invalid embedded fonts - Fix a crash with invalid TrueType fonts - Check if font is inside the clip area before rendering it to a temporary bitmap in the Splash renderer. Fixes crashes on incorrect documents - Do not use exit(1) on DCTStream errors - Detect form fields at any depth level - Do not generate appearance stream for radio buttons that are not active -- Ondřej Surý Wed, 14 Nov 2007 11:20:07 +0100 poppler (0.6.1-2) unstable; urgency=low * Upload to unstable. -- Ondřej Surý Tue, 06 Nov 2007 09:07:10 +0100 poppler (0.6.1-1) experimental; urgency=low * New upstream version. * Changes since 0.6.0: - poppler core: + Fix printing with different x and y scale + Fix crash when Form Fields array contains references to non existent objects + Fix crash in CairoOutputDev::drawMaskedImage() + Fix embedded file description not working on some cases - Qt4 frontend: + Fix printing issue + Avoid double free + Fix memory leak when dealing with embedded files - glib frontend: + Fix build with --disable-cairo-output + Do not return unknown field type for signature form fields - build system: + Support automake-1.10 + More compatible sh code in qt.m4 - utils: + Fix build on Sun Studio compiler -- Ondřej Surý Thu, 25 Oct 2007 11:33:04 +0200 poppler (0.6-1) experimental; urgency=low * New upstream release. (Closes: #429700) - merged changes from Ubuntu, courtesy of Sebastien Bacher - Fix security issue MOAB-06-01-2007 - Fix security issue CVE-2007-3387 - Fix security issue CVE-2007-5049 (Closes: #443903) * debian/watch: - update (Closes: #441012) * debian/control, debian/libpoppler2.install, debian/libpoppler-glib2.install, debian/libpoppler-qt2.install, debian/libpoppler-qt4-2.install, debian/rules: - updated for soname change * debian/libpoppler-glib-dev.install: - install new test-poppler-glib * debian/patches/002_CVE-2006-0301.patch: - dropped, deprecated by the upstream changes * debian/patches/003_glib-2.0-configure.patch: * debian/patches/004_CVE-2007-0104.patch: * debian/patches/005_fix_inverted_text_from_bug_8944.patch: - dropped, fixed with the new version * debian/patches/006_pthreads_ldflags.patch: - updated -- Ondřej Surý Thu, 27 Sep 2007 09:03:33 +0200 poppler (0.5.4-6) unstable; urgency=low * Conflict with old library names from experimental. (Closes: #426023) -- Ondřej Surý Wed, 30 May 2007 08:42:32 +0200 poppler (0.5.4-5) unstable; urgency=low * Add missing poppler/poppler-link-qt3.h header to libpoppler-qt-dev; thanks Sune Vuorela; closes: #425486. * Let libpoppler-qt4-dev depend on libpoppler-qt-dev since some of its headers require poppler-page-transition.h which is clearly from the Qt bindings; thanks Sune Vuorela; closes: #425540. * Wrap build-deps and deps. * Drop useless debian/*.dirs. * Misc cleanups. * Build-dep on autotools-dev and drop bogus lintian overrides. -- Loic Minier Thu, 24 May 2007 23:09:23 +0200 poppler (0.5.4-4) unstable; urgency=low * The "Augean Stables" release. * 0.5.x branch fixes all kind of displaying errors Closes: #372169, #235360, #331380, #332426, #336616 Closes: #402647, #369164, #413953, #343654 * Add versioned conflict to pdftohtml (Closes: #393169) * We dropped .la files some time ago, libjpeg62-dev dependency not needed now (Closes: #413112) * Crash fixed in 0.5.4 (Closes: #418638) * [control.in]: dropped some time ago (Closes: #407818) * NMU 0.5.4-5.1 merged as 004_CVE-2007-0104.patch (Closes: #407810) * 0.5.x uploaded to unstable (Closes: #352522) * qt4 libraries are now part of build (Closes: #414643) * No longer depends on poppler-data (Closes: #389753) * [debian/patches/006_pthreads_ldflags.patch]: + Add -lpthread to poppler/Makefile.am (Closes: #399275) -- Ondřej Surý Wed, 16 May 2007 10:45:39 +0200 poppler (0.5.4-3) unstable; urgency=low * Upload to unstable. * Enable Cairo output again. * Enable gtk-doc build. * Add lintian override for outdated-autotools-helper-files (we use CDBS). * Change shared library packages names according to Library Packaging Guide. * Change ${Source-Version} to ${binary:Version} to allow binNMU * Drop (= ${Source-Version}) dependency in glib, qt3, qt4 libraries; we are adding that from debian/rules * Merge changes from Ubuntu: + Enable Qt4 library build (but change name to libpoppler-qt4-1). + [debian/patches/004_CVE-2007-0104.patch]: - Limit recursion depth of the parsing tree to 100 to avoid infinite loop with crafted documents. - Patch taken from koffice security update (which has a copy of xpdf sources). + [debian/patches/005_fix_inverted_text_from_bug_8944.patch]: - fixes "text is inverted in some PDFs" -- Ondřej Surý Wed, 16 May 2007 08:26:47 +0200 poppler (0.5.4-2) experimental; urgency=low * [debian/control]: poppler-data is non-free, do not depend on it (Closes: #389753) -- Ondřej Surý Mon, 2 Oct 2006 14:41:58 +0200 poppler (0.5.4-1) experimental; urgency=low * New upstrem release. * [debian/control.in]: remove file and add all pkg-freedesktop people to Uploaders: field * [debian/control]: Add dependency on poppler-data package. * [debian/patches/03_glib-2.0-configure.patch]: fix broken configure.ac -- Ondřej Surý Fri, 22 Sep 2006 16:49:17 +0200 poppler (0.5.3-1) experimental; urgency=low * New upstream release. * debian/lib{poppler,poppler-glib,poppler-qt}-dev.install: Stop shipping /usr/lib/*.la in libpoppler*-dev. -- Ondřej Surý Wed, 31 May 2006 17:19:34 +0200 poppler (0.5.2-1) experimental; urgency=low * New upstream release. * Remove patches adopted upstream: debian/patches/000_incorrect_define_fix.patch debian/patches/000_splash_build_fix.patch -- Ondřej Surý Tue, 23 May 2006 20:21:30 +0200 poppler (0.5.1-1) experimental; urgency=low * Merge back changes from Ubuntu. * Upload to experimental (Closes: 352522) -- Ondřej Surý Tue, 18 Apr 2006 15:08:26 +0200 poppler (0.5.1-0ubuntu6) dapper; urgency=low * Install poppler-page-transition into libpoppler-qt-dev (not libpoppler-dev), since it comes from the Qt bindings. Closes: LP#32179 -- Martin Pitt Mon, 10 Apr 2006 12:20:46 +0200 poppler (0.5.1-0ubuntu5) dapper; urgency=low * debian/patches/000_incorrect_define_fix.patch: - patch from the CVS, fix an incorrect boxes rendering (Ubuntu: #33239) -- Sebastien Bacher Thu, 23 Mar 2006 12:33:17 +0100 poppler (0.5.1-0ubuntu4) dapper; urgency=low * debian/control.in: libpoppler-dev needs to depend on libfontconfig1-dev, because we directly include in GlobalParams.h -- Adam Conrad Thu, 16 Mar 2006 11:23:00 +1100 poppler (0.5.1-0ubuntu3) dapper; urgency=low * debian/control.in: Have poppler-utils Replace: xpdf-reader, since both contain pdftoppm.1.gz. -- Martin Pitt Mon, 13 Mar 2006 09:10:12 +0100 poppler (0.5.1-0ubuntu2) dapper; urgency=low * debian/control.in: - fix the libpoppler1 package description -- Sebastien Bacher Thu, 9 Mar 2006 09:43:15 +0000 poppler (0.5.1-0ubuntu1) dapper; urgency=low * New upstream version: - Support for embedded files. - Handle 0-width lines correctly. - Avoid external file use when opening fonts. - Only use vector fonts returned from fontconfig (#5758). - Fix scaled 1x1 pixmaps use for drawing lines (#3387). - drawSoftMaskedImage support in cairo backend. - Misc bug fixes: #5922, #5946, #5749, #5952, #4030, #5420. * debian/control.in, debian/libpoppler0c2.dirs, debian/libpoppler0c2-glib.dirs, debian/libpoppler0c2-glib.install, debian/libpoppler0c2.install, debian/libpoppler0c2-qt.dirs, debian/libpoppler0c2-qt.install, debian/rules: - updated for the soname change * debian/patches/000_splash_build_fix.patch: - fix build when using splash * debian/patches/001_fixes_for_fonts_selection.patch: - fix with the new version -- Sebastien Bacher Mon, 6 Mar 2006 18:42:44 +0000 poppler (0.5.0-0ubuntu5) dapper; urgency=low * debian/control.in, debian/rules: - build without libcairo -- Sebastien Bacher Sun, 26 Feb 2006 20:05:10 +0100 poppler (0.5.0-0ubuntu4) dapper; urgency=low * debian/patches/001_fixes_for_fonts_selection.patch: - change from the CVS, fix some renderings issues and fonts selection -- Sebastien Bacher Tue, 7 Feb 2006 13:38:04 +0100 poppler (0.5.0-0ubuntu3) dapper; urgency=low * SECURITY UPDATE: Buffer overflow. * Add debian/patches/002_CVE-2006-0301.patch: - splash/Splash.cc, Splash::drawPixel(), Splash::drawSpan(), Splash::xorSpan(): Check coordinates for integer overflow. * CVE-2006-0301 -- Martin Pitt Fri, 3 Feb 2006 18:13:30 +0000 poppler (0.5.0-0ubuntu2) dapper; urgency=low * debian/rules: Bump shlibs version to 0.5.0. -- Martin Pitt Fri, 20 Jan 2006 16:56:40 +0100 poppler (0.5.0-0ubuntu1) dapper; urgency=low * New upstream release 0.5.0, required for new evince 0.5. * Merge with Debian. * Remove patches adopted upstream: - debian/patches/000_add-poppler-utils.patch - debian/patches/002-selection-crash-bug.patch * debian/libpoppler-dev.install: - Install poppler-page-transition.h. - Do not install poppler-config.h, it doesn't exist any more. - Upstream doesn't install legacy xpdf includes any more, fix path to install them into libpoppler-dev. * Add debian/patches/001_jpxstream_int_crash.patch: - poppler/JPXStream.h: Fix declaration of cbW to be signed. JPXStream.cc, readCodeBlockData() negates the value, which results in an invalid value on 64 bit platforms if using unsigned types. - Thanks to Vladimir Nadvornik for pointing at this. -- Martin Pitt Thu, 19 Jan 2006 23:49:52 +0100 poppler (0.4.4-1) unstable; urgency=high * New upstream security release - fixes CVE-2005-3624, CVE-2005-3625, CVE-2005-3627 * Remove debian/patches/003-CVE-2005-3624_5_7.patch: - Merged upstream * Remove debian/patches/004-fix-CVE-2005-3192.patch: - Merged upstream * Remove debian/patches/001-relibtoolize.patch - Upstream uses recent libtool -- Ondřej Surý Thu, 12 Jan 2006 20:40:27 +0100 poppler (0.4.3-3) unstable; urgency=low * Fix missing libcairo2-dev dependency (Closes: #346277) -- Ondřej Surý Fri, 6 Jan 2006 21:37:10 +0100 poppler (0.4.3-2) unstable; urgency=high [ Martin Pitt ] * SECURITY UPDATE: Multiple integer/buffer overflows. * Add debian/patches/003-CVE-2005-3624_5_7.patch: - poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream(): + Check columns for negative or large values. + CVE-2005-3624 - poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch: + Reset numComps to 0 since it's a global variable that is used later. + CVE-2005-3627 - poppler/Stream.cc, DCTStream::readHuffmanTables(): + Fix out of bounds array access in Huffman tables. + CVE-2005-3627 - poppler/Stream.cc, DCTStream::readMarker(): + Check for EOF in while loop to prevent endless loops. + CVE-2005-3625 - poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg(): + Check user supplied width and height against invalid values. + Allocate one extra byte to prevent out of bounds access in combine(). * Add debian/patches/004-fix-CVE-2005-3192.patch: - Fix nVals int overflow check in StreamPredictor::StreamPredictor(). - Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514. [ Ondřej Surý ] * Merge changes from Ubuntu (Closes: #346076). * Enable Cairo output again. -- Ondřej Surý Thu, 5 Jan 2006 14:54:44 +0100 poppler (0.4.3-1) unstable; urgency=high * New upstream release. * New maintainer (Closes: #344738) * CVE-2005-3191 and CAN-2005-2097 fixes merged upstream. * Fixed some rendering bugs and disabled Cairo output (Closes: #314556, #322964, #328211) * Acknowledge NMU (Closes: #342288) * Add 001-selection-crash-bug.patch (Closes: #330544) * Add poppler-utils (merge patch from Ubuntu) -- Ondřej Surý Fri, 30 Dec 2005 11:34:07 +0100 poppler (0.4.2-1.1) unstable; urgency=high * SECURITY UPDATE: Multiple integer/buffer overflows. * NMU to fix RC security bug (closes: #342288) * Add debian/patches/04_CVE-2005-3191_2_3.patch taken from Ubuntu, thanks to Martin Pitt: * poppler/Stream.cc, DCTStream::readBaselineSOF(), DCTStream::readProgressiveSOF(), DCTStream::readScanInfo(): - Check numComps for invalid values. - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities - CVE-2005-3191 * poppler/Stream.cc, StreamPredictor::StreamPredictor(): - Check rowBytes for invalid values. - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities - CVE-2005-3192 * poppler/JPXStream.cc, JPXStream::readCodestream(): - Check img.nXTiles * img.nYTiles for integer overflow. - http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities - CVE-2005-3193 -- Frank Küster Fri, 23 Dec 2005 16:36:30 +0100 poppler (0.4.2-1) unstable; urgency=low * GNOME Team upload. * New upstream version. * debian/control.in: - updated the Build-Depends on libqt (Closes: #326130). * debian/rules: - updated the shlibs. -- Sebastien Bacher Wed, 7 Sep 2005 12:41:48 +0200 poppler (0.4.0-1) unstable; urgency=low * GNOME Team Upload. * Rebuild for the CPP transition. * New upstream version (Closes: #311133): - fix some crashers (Closes: #315590, #312261, #309410). - fix some rendering defaults (Closes: #314441, #315383, #309697, #308785). * debian/control.in, debian/rules: - build with the current cairo version (Closes: #321368, #318293). - update for the renamed the packages. * debian/patches/01_CAN-2005-2097.patch: - Patch from Ubuntu, thanks Martin Pitt. - Check sanity of the TrueType "loca" table. Specially crafted broken tables caused disk space exhaustion due to very large generated glyph descriptions when attempting to fix the table. - Upstream patch scheduled for xpdf 3.01. - CAN-2005-2097 * debian/watch: - fixed, patch by Jerome Warnier (Closes: #310996). -- Sebastien Bacher Wed, 17 Aug 2005 21:54:07 +0200 poppler (0.3.1-1) unstable; urgency=low * New upstream release * Upstream fixed the Qt build bug, so now I can enable Qt build. (Closes:#307340) It leads two new binary packages libpoppler0-qt and libpoppler-qt-dev. * Excluded DEB_CONFIGURE_SYSCONFDIR setting, which is obsolete by the upstream removal of xpdfrc config. -- Changwoo Ryu Wed, 4 May 2005 00:19:35 +0900 poppler (0.3.0-2) unstable; urgency=high * Added shlib version info for libpoppler0-glib. * Corrected dependencies of libpoppler0-glib and libpoppler-glib-dev. (Closes: #306897) * Build-Depends on libgtk2.0-dev for -glib packages. (Closes: #306885) * Corrected descriptions of -glib packages. -- Changwoo Ryu Thu, 28 Apr 2005 02:41:25 +0900 poppler (0.3.0-1) unstable; urgency=low * New upstream release (Closes: #306573) * Added new binary packages libpoppler0-glib and libpoppler-glib-dev, which are GLib-based interfaces. Qt interface build is termporarily disabled, because of an upstream FTBFS. -- Changwoo Ryu Thu, 28 Apr 2005 02:07:23 +0900 poppler (0.1.2-1) unstable; urgency=low * Initial Release (Closes: #299518) -- Changwoo Ryu Tue, 15 Mar 2005 02:08:00 +0900