From carnil at debian.org Tue Aug 5 21:41:13 2025
From: carnil at debian.org (Salvatore Bonaccorso)
Date: Tue, 05 Aug 2025 22:41:13 +0200
Subject: Bug#1110463: poppler: CVE-2025-50420
Message-ID: <175442647319.1083762.4367921172833167099.reportbug@eldamar.lan>

Source: poppler
Version: 25.03.0-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team

Hi,

The following vulnerability was published for poppler.

CVE-2025-50420[0]:
| An issue in the pdfseparate utility of freedesktop poppler v25.04.0
| allows attackers to cause an infinite recursion via supplying a
| crafted PDF file. This can lead to a Denial of Service (DoS).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-50420
    https://www.cve.org/CVERecord?id=CVE-2025-50420
[1] https://gitlab.freedesktop.org/poppler/poppler/-/issues/1613
[2] https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1849
[3] https://gitlab.freedesktop.org/poppler/poppler/-/commit/08d7894e4dd0e313c179e30f06ad8f546619b1b3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

From yang.wang at windriver.com Tue Aug 5 22:42:46 2025
From: yang.wang at windriver.com (Wang, Yang (Young))
Date: Tue, 5 Aug 2025 21:42:46 +0000
Subject: About CVE-2025-50420 in poppler
Message-ID:

Dear Debian freedesktop.org maintainers,

I'm working on Debian contributions.

https://security-tracker.debian.org/tracker/CVE-2025-50420

Do you think this important CVE issue is worth fixing in Trixie/Sid?
And if yes, would you merge it if I provide a patch?

Thanks,
-Yang

From ftpmaster at ftp-master.debian.org Thu Aug 7 17:33:37 2025
From: ftpmaster at ftp-master.debian.org (Debian FTP Masters)
Date: Thu, 07 Aug 2025 16:33:37 +0000
Subject: Processing of xdg-terminal-exec_0.13.2-1_source.changes
Message-ID:

xdg-terminal-exec_0.13.2-1_source.changes uploaded successfully to localhost
along with the files:
  xdg-terminal-exec_0.13.2-1.dsc
  xdg-terminal-exec_0.13.2.orig.tar.gz
  xdg-terminal-exec_0.13.2-1.debian.tar.xz
  xdg-terminal-exec_0.13.2-1_source.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

From ftpmaster at ftp-master.debian.org Thu Aug 7 17:50:17 2025
From: ftpmaster at ftp-master.debian.org (Debian FTP Masters)
Date: Thu, 07 Aug 2025 16:50:17 +0000
Subject: xdg-terminal-exec_0.13.2-1_source.changes ACCEPTED into unstable
Message-ID:

Thank you for your contribution to Debian.

Accepted:

Format: 1.8
Date: Thu, 07 Aug 2025 12:27:04 -0400
Source: xdg-terminal-exec
Built-For-Profiles: noudeb
Architecture: source
Version: 0.13.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian freedesktop.org maintainers
Changed-By: Jeremy Bícha
Changes:
 xdg-terminal-exec (0.13.2-1) unstable; urgency=medium
 .
 [ Jeremy Bícha ]
 * New upstream release
 * Lower x-terminal-emulator from Depends to Suggests and
   remove explicit alternates
 .
 [ Alessandro Astone ]
 * debian: Set default Ubuntu terminal to Ptyxis