This grafts the upstream patch to fix CVE-2015-8868 [0]. I tested some of Poppler's dependents, and they seem to work.
So, I would usually just apply this without emailing. But since several hundred packages depend on Poppler, I want some confirmation that the graft is working as expected and won't require a huge number of packages to be rebuilt. Feed requested! [0] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8868 http://seclists.org/oss-sec/2016/q2/139 Leo Famulari (1): gnu: poppler: Fix CVE-2015-8868. gnu/local.mk | 1 + gnu/packages/patches/poppler-CVE-2015-8868.patch | 30 ++++++++++++++++++++++++ gnu/packages/pdf.scm | 8 +++++++ 3 files changed, 39 insertions(+) create mode 100644 gnu/packages/patches/poppler-CVE-2015-8868.patch -- 2.7.4
