Bug#1104287: bookworm-pu: package poppler/22.12.0-2+deb12u1

Rene Engelhard rene at debian.org
Mon Apr 28 17:47:27 BST 2025


Hi,

On 28.04.25 at 11:52, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian.org at packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: security at debian.org, Debian freedesktop.org maintainers <pkg-freedesktop-maintainers at lists.alioth.debian.org>
>
>    * CVE-2023-34872: OutlineItem::open crash on malformed files
>    * CVE-2024-56378: Out-of-bounds read in JBIG2Bitmap::combine
>    * CVE-2025-32364: Floating point exception in PSStack::roll
>    * CVE-2025-32365: Out-of-bounds read in JBIG2:Bitmap::combine

What about https://security-tracker.debian.org/tracker/CVE-2025-43903 ("NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries."). If one is at it for bookworm anyway..


Regards,


Rene



