[Git][java-team/libitext-java][master] 2 commits: Patch for infinite loop in PDF traversal CVE-2021-37819 (Closes: #1059318)

Sat Dec 23 05:41:06 GMT 2023


Tony Mancill pushed to branch master at Debian Java Maintainers / libitext-java


Commits:
3c1c0e46 by tony mancill at 2023-12-22T21:30:47-08:00
Patch for infinite loop in PDF traversal CVE-2021-37819 (Closes: #1059318)

- - - - -
a522237c by tony mancill at 2023-12-22T21:36:37-08:00
Prepare changelog for upload

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/07_CVE-2021-37819.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+libitext-java (2.1.7-16) unstable; urgency=medium
+
+  * Team upload.
+  * Patch for infinite loop in PDF traversal (Closes: #1059318)
+    Addresses CVE-2021-37819
+
+ -- tony mancill <tmancill at debian.org>  Fri, 22 Dec 2023 21:31:38 -0800
+
 libitext-java (2.1.7-15) unstable; urgency=medium
 
   * Team upload.


=====================================
debian/patches/07_CVE-2021-37819.patch
=====================================
@@ -0,0 +1,19 @@
+Description: CVE-2021-37819 infinite loop during PDF page traversal
+Origin: https://gitlab.com/pdftk-java/pdftk/-/merge_requests/21/commits
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059318
+
+--- a/core/com/lowagie/text/pdf/PdfReader.java
++++ b/core/com/lowagie/text/pdf/PdfReader.java
+@@ -3322,6 +3322,12 @@
+                             kidsPR.remove(k);
+                         break;
+                     }
++                    int rpageObjectNumber = rpage.getNumber();
++                    PRIndirectReference kidObjIndirectRef = (PRIndirectReference)obj;
++                    int kidObjectNumber = kidObjIndirectRef.getNumber();
++                    if (rpageObjectNumber == kidObjectNumber) {
++                        throw new InvalidPdfException("Invalid reference on Kids: " + kidObjectNumber);
++                    }
+                     iteratePages((PRIndirectReference)obj);
+                 }
+                 popPageAttributes();


=====================================
debian/patches/series
=====================================
@@ -5,3 +5,4 @@
 encoding.patch
 05_primitive-wrappers.patch
 06_bouncycastle_1.77.patch
+07_CVE-2021-37819.patch



View it on GitLab: https://salsa.debian.org/java-team/libitext-java/-/compare/e8344ee7d5d42cf1993085993c530103d19839ef...a522237cf31369edd478eeaa1809ed55ed57f063

-- 
View it on GitLab: https://salsa.debian.org/java-team/libitext-java/-/compare/e8344ee7d5d42cf1993085993c530103d19839ef...a522237cf31369edd478eeaa1809ed55ed57f063
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20231223/2ded3071/attachment.htm>
