<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Salvatore Bonaccorso pushed to branch master
at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/64e346a97569bb54c8b383afd071b34e54a3eac1">64e346a9</a></strong>
<div>
<span>by Salvatore Bonaccorso</span>
<i>at 2018-05-09T21:31:47+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update information for CVE-2018-10768/poppler
The issue was fixed in 0.37 upstream, the first version in unstable of
poppler was accordingly 0.38.0-2.
The upstream fix is
https://cgit.freedesktop.org/poppler/poppler/commit/?id=942adfc25e7a00ac3cf032ced2d8949e99099f70
and a bisect confirms
# broken: [a2f0e4b1fd8b3d9675cc00a561094bd78a63d048] 0.24.5
git bisect broken a2f0e4b1fd8b3d9675cc00a561094bd78a63d048
# fixed: [88415426df363f1ef86b741cbc3587a89d31aa1f] 0.41.0
git bisect fixed 88415426df363f1ef86b741cbc3587a89d31aa1f
# broken: [ce782112746f629a8e7be6f2daf6ece6ab19917d] Merge remote-tracking branch 'origin/poppler-0.26'
git bisect broken ce782112746f629a8e7be6f2daf6ece6ab19917d
# broken: [1aae63ebc6fffe9fa1a2898e4ed733c22e312015] annots: Add popup annots without a markup annot associated to the list of annots
git bisect broken 1aae63ebc6fffe9fa1a2898e4ed733c22e312015
# broken: [de1ece5c929c3f46c04be76b4b72f6371911fd1a] Poppler 0.36
git bisect broken de1ece5c929c3f46c04be76b4b72f6371911fd1a
# fixed: [ef518d601836fcedb8b558447f10c846e4038318] doc: Add poppler_orientation_get_type to poppler-sections.txt
git bisect fixed ef518d601836fcedb8b558447f10c846e4038318
# fixed: [44e1a2f715d0da8bb2941da296faab7ee144cfc2] Poppler 0.37
git bisect fixed 44e1a2f715d0da8bb2941da296faab7ee144cfc2
# fixed: [0fa5c17ea409c3fdfe1e3a97ff5e4bae96da1cae] Fix crash on JBIG2Stream::readHalftoneRegionSeg for malformed documents
git bisect fixed 0fa5c17ea409c3fdfe1e3a97ff5e4bae96da1cae
# broken: [7028f835a603e12dd73452a39f56ac0b633207b2] PageTransition D is a number not an int
git bisect broken 7028f835a603e12dd73452a39f56ac0b633207b2
# broken: [9aa19159bff4db02889cba48b9b31e40247e5314] Catalog::cachePageTree(): recover from out of memory condition
git bisect broken 9aa19159bff4db02889cba48b9b31e40247e5314
# fixed: [942adfc25e7a00ac3cf032ced2d8949e99099f70] Fix crash on AnnotInk::draw for malformed documents
git bisect fixed 942adfc25e7a00ac3cf032ced2d8949e99099f70
# first fixed commit: [942adfc25e7a00ac3cf032ced2d8949e99099f70] Fix crash on AnnotInk::draw for malformed documents
</pre>
</li>
</ul>
<h4>1 changed file:</h4>
<ul>
<li class="file-stats">
<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">
data/CVE/list
</a>
</li>
</ul>
<h4>Changes:</h4>
<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/64e346a97569bb54c8b383afd071b34e54a3eac1#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>
<hr>
No preview for this file type
<br>
</li>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/64e346a97569bb54c8b383afd071b34e54a3eac1">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/64e346a97569bb54c8b383afd071b34e54a3eac1"}}</script>
</p>
</div>
</body>
</html>