Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

simple jessie-pu for poppler, just fixed in unstable, which fixes
CVE-2015-8868; attached debdiff.

I guess I need to do binary uploads in (old-)stable, right?

Thanks,
-- 
Pino
diff -Nru poppler-0.26.5/debian/changelog poppler-0.26.5/debian/changelog
--- poppler-0.26.5/debian/changelog	2014-10-19 18:24:18.000000000 +0200
+++ poppler-0.26.5/debian/changelog	2016-04-25 19:02:20.000000000 +0200
@@ -1,3 +1,11 @@
+poppler (0.26.5-2+deb8u1) stable; urgency=medium
+
+  * Backport upstream commit b3425dd3261679958cd56c0f71995c15d2124433 to fix
+    a crash on invalid files, reported also as CVE-2015-8868; patch
+    upstream_Do-not-crash-on-invalid-files.patch. (Closes: #822578)
+
+ -- Pino Toscano <p...@debian.org>  Mon, 25 Apr 2016 19:02:11 +0200
+
 poppler (0.26.5-2) unstable; urgency=medium
 
   * Backport upstream commit 01723aa17e836e818158dbdc56df642a290be300 to map
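Review bot: the new 0.26.5-2+deb8u1 entry describes the fix only as "a crash on invalid files", which does not tell a stable user what kind of input is affected. The backported change bounds the length of a function's C0 array in ExponentialFunction, so naming that (an over-long C0 array in an exponential function) in the entry would make the changelog usable on its own when triaging CVE-2015-8868.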
diff -Nru poppler-0.26.5/debian/patches/series poppler-0.26.5/debian/patches/series
--- poppler-0.26.5/debian/patches/series	2014-10-19 17:45:40.000000000 +0200
+++ poppler-0.26.5/debian/patches/series	2016-04-25 18:39:35.000000000 +0200
@@ -1,2 +1,3 @@
 upstream_Map-Standard-Expert-encoding-ligatures-to-AGLFN-name.patch
 qt-visibility.diff
+upstream_Do-not-crash-on-invalid-files.patch
diff -Nru poppler-0.26.5/debian/patches/upstream_Do-not-crash-on-invalid-files.patch poppler-0.26.5/debian/patches/upstream_Do-not-crash-on-invalid-files.patch
--- poppler-0.26.5/debian/patches/upstream_Do-not-crash-on-invalid-files.patch	1970-01-01 01:00:00.000000000 +0100
+++ poppler-0.26.5/debian/patches/upstream_Do-not-crash-on-invalid-files.patch	2016-04-25 18:39:35.000000000 +0200
@@ -0,0 +1,28 @@
+From b3425dd3261679958cd56c0f71995c15d2124433 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aa...@kde.org>
+Date: Tue, 22 Dec 2015 22:50:33 +0100
+Subject: [PATCH] Do not crash on invalid files
+
+Bug #93476
+---
+ poppler/Function.cc | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/poppler/Function.cc b/poppler/Function.cc
+index 67283df..ee5afc1 100644
+--- a/poppler/Function.cc
++++ b/poppler/Function.cc
+@@ -577,6 +577,10 @@ ExponentialFunction::ExponentialFunction(Object *funcObj, Dict *dict) {
+       goto err2;
+     }
+     n = obj1.arrayGetLength();
++    if (unlikely(n > funcMaxOutputs)) {
++      error(errSyntaxError, -1, "Function's C0 array is wrong length");
++      n = funcMaxOutputs;
++    }
+     for (i = 0; i < n; ++i) {
+       obj1.arrayGet(i, &obj2);
+       if (!obj2.isNum()) {
+-- 
+2.8.0.rc3
+
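Review bot: in the added "if (unlikely(n > funcMaxOutputs))" block, an over-long C0 array is reported as a syntax error but parsing then continues with n clamped to funcMaxOutputs, while the check immediately above bails out with "goto err2". Please confirm that truncating and continuing is the intended behaviour for the stable backport rather than rejecting the function, and that any other array read in this constructor is held to the same limit, since this hunk only bounds C0. Separately, the patch header's "Bug #93476" does not say which tracker it refers to; a full URL would make the reference unambiguous.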
