On Mon, Apr 28, 2025 at 06:47:27PM +0200, Rene Engelhard wrote:
> Hi,

Hi Rene,

> On 28.04.25 at 11:52, Adrian Bunk wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: bookworm
> > User: [email protected]
> > Usertags: pu
> > X-Debbugs-Cc: [email protected], Debian freedesktop.org maintainers
> > <[email protected]>
> >
> > * CVE-2023-34872: OutlineItem::open crash on malformed files
> > * CVE-2024-56378: Out-of-bounds read in JBIG2Bitmap::combine
> > * CVE-2025-32364: Floating point exception in PSStack::roll
> > * CVE-2025-32365: Out-of-bounds read in JBIG2:Bitmap::combine
>
> What about https://security-tracker.debian.org/tracker/CVE-2025-43903
> ("NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the
> adbe.pkcs7.sha1 signatures on documents, resulting in potential signature
> forgeries."). If one is at it for bookworm anyway..

you missed the last line I've added there earlier today:
Might cause regression: https://bugzilla.suse.com/show_bug.cgi?id=1241620#c3

> Regards,
>
>
> Rene

cu
Adrian

