Bug#1104287: bookworm-pu: package poppler/22.12.0-2+deb12u1
Adrian Bunk
bunk at debian.org
Mon Apr 28 19:25:11 BST 2025
On Mon, Apr 28, 2025 at 06:47:27PM +0200, Rene Engelhard wrote:
> Hi,
Hi Rene,
> Am 28.04.25 um 11:52 schrieb Adrian Bunk:
> > Package: release.debian.org
> > Severity: normal
> > Tags: bookworm
> > User: release.debian.org at packages.debian.org
> > Usertags: pu
> > X-Debbugs-Cc: security at debian.org, Debian freedesktop.org maintainers <pkg-freedesktop-maintainers at lists.alioth.debian.org>
> >
> > * CVE-2023-34872: OutlineItem::open crash on malformed files
> > * CVE-2024-56378: Out-of-bounds read in JBIG2Bitmap::combine
> > * CVE-2025-32364: Floating point exception in PSStack::roll
> > * CVE-2025-32365: Out-of-bounds read in JBIG2:Bitmap::combine
>
> What about https://security-tracker.debian.org/tracker/CVE-2025-43903 ("NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries."). If one is at it for bookworm anyway..
you missed the last line I've added there earlier today:
Might cause regression: https://bugzilla.suse.com/show_bug.cgi?id=1241620#c3
> Regards,
>
>
> Rene
cu
Adrian
More information about the Pkg-freedesktop-maintainers
mailing list