Debian Bug report logs - #599165
poppler: Several security issues

version graph

Package: poppler; Maintainer for poppler is Loic Minier <lool@dooz.org>;

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Tue, 5 Oct 2010 09:00:01 UTC

Severity: grave

Tags: security

Fixed in versions 0.8.7-4, poppler/0.12.4-1.2

Done: Moritz Mühlenhoff <jmm@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Loic Minier <lool@dooz.org>:
Bug#599165; Package poppler. (Tue, 05 Oct 2010 09:00:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Loic Minier <lool@dooz.org>. (Tue, 05 Oct 2010 09:00:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: poppler: Several security issues
Date: Tue, 05 Oct 2010 10:58:05 +0200
Package: poppler
Severity: grave
Tags: security
Justification: user security hole

Please apply the following patches referenced in the following
link for Squeeze, Lenny will be dealt with by the Security Team:
http://secunia.com/advisories/41596/ 

Most of them are crashers (analysis was done by Tomas Hoger of
Red Hat), which are not treated as security issues, but the 
following have had CVE IDs assigned:

> e853106b58 is uninitialized pointer use flaw.  Pointer value may be
> controlled by PDF content, hence if pointed to attacker-controlled
> memory, code execution may be possible via virtual method call.  This
> should date back to very old xpdf versions.

http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf

Use CVE-2010-3702

> bf2055088a seems similar to the above one.  Pointer is to the class that
> has not virtual methods, but may be used to corrupt memory.  This should
> only affect poppler versions after b1d4efb082.

http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f

Use CVE-2010-3703

> 39d140bfc0 array indexing error / underflow.  On platforms where atoi can
> return negative result, this can allow out-of-array-bounds write.  Code
> appears in old xpdf versions too.

http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473

Use CVE-2010-3704

Cheers,
        Moritz

-- System Information:
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)




Bug Marked as fixed in versions 0.8.7-4. Request was from Gerfried Fuchs <rhonda@debian.at> to control@bugs.debian.org. (Wed, 13 Oct 2010 11:36:04 GMT) Full text and rfc822 format available.

Reply sent to Moritz Mühlenhoff <jmm@debian.org>:
You have taken responsibility. (Sat, 23 Oct 2010 21:03:23 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Sat, 23 Oct 2010 21:03:23 GMT) Full text and rfc822 format available.

Message #12 received at 599165-close@bugs.debian.org (full text, mbox):

From: Moritz Mühlenhoff <jmm@debian.org>
To: 599165-close@bugs.debian.org
Subject: Bug#599165: fixed in poppler 0.12.4-1.2
Date: Sat, 23 Oct 2010 21:02:50 +0000
Source: poppler
Source-Version: 0.12.4-1.2

We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive:

libpoppler-dev_0.12.4-1.2_amd64.deb
  to main/p/poppler/libpoppler-dev_0.12.4-1.2_amd64.deb
libpoppler-glib-dev_0.12.4-1.2_amd64.deb
  to main/p/poppler/libpoppler-glib-dev_0.12.4-1.2_amd64.deb
libpoppler-glib4_0.12.4-1.2_amd64.deb
  to main/p/poppler/libpoppler-glib4_0.12.4-1.2_amd64.deb
libpoppler-qt-dev_0.12.4-1.2_amd64.deb
  to main/p/poppler/libpoppler-qt-dev_0.12.4-1.2_amd64.deb
libpoppler-qt2_0.12.4-1.2_amd64.deb
  to main/p/poppler/libpoppler-qt2_0.12.4-1.2_amd64.deb
libpoppler-qt4-3_0.12.4-1.2_amd64.deb
  to main/p/poppler/libpoppler-qt4-3_0.12.4-1.2_amd64.deb
libpoppler-qt4-dev_0.12.4-1.2_amd64.deb
  to main/p/poppler/libpoppler-qt4-dev_0.12.4-1.2_amd64.deb
libpoppler5_0.12.4-1.2_amd64.deb
  to main/p/poppler/libpoppler5_0.12.4-1.2_amd64.deb
poppler-dbg_0.12.4-1.2_amd64.deb
  to main/p/poppler/poppler-dbg_0.12.4-1.2_amd64.deb
poppler-utils_0.12.4-1.2_amd64.deb
  to main/p/poppler/poppler-utils_0.12.4-1.2_amd64.deb
poppler_0.12.4-1.2.diff.gz
  to main/p/poppler/poppler_0.12.4-1.2.diff.gz
poppler_0.12.4-1.2.dsc
  to main/p/poppler/poppler_0.12.4-1.2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 599165@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <jmm@debian.org> (supplier of updated poppler package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 23 Oct 2010 15:59:04 +0200
Source: poppler
Binary: libpoppler5 libpoppler-dev libpoppler-glib4 libpoppler-glib-dev libpoppler-qt2 libpoppler-qt-dev libpoppler-qt4-3 libpoppler-qt4-dev poppler-utils poppler-dbg
Architecture: source amd64
Version: 0.12.4-1.2
Distribution: unstable
Urgency: medium
Maintainer: Loic Minier <lool@dooz.org>
Changed-By: Moritz Mühlenhoff <jmm@debian.org>
Description: 
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-glib4 - PDF rendering library (GLib-based shared library)
 libpoppler-qt-dev - PDF rendering library -- development files (Qt 3 interface)
 libpoppler-qt2 - PDF rendering library (Qt 3 based shared library)
 libpoppler-qt4-3 - PDF rendering library (Qt 4 based shared library)
 libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface)
 libpoppler5 - PDF rendering library
 poppler-dbg - PDF rendering library - detached debugging symbols
 poppler-utils - PDF utilitites (based on libpoppler)
Closes: 599165
Changes: 
 poppler (0.12.4-1.2) unstable; urgency=medium
 .
   * Non-maintainer upload by the Security Team
   * Fix CVE-2010-3702, CVE-2010-3703, CVE-2010-3704 and several crashers
     (Closes:#599165)
Checksums-Sha1: 
 56e7ada548e29d796d4de50ce5006ddfe5779b43 1617 poppler_0.12.4-1.2.dsc
 66b756ae5b12c5bdb91a5f082f9543255e895364 21681 poppler_0.12.4-1.2.diff.gz
 425cf690aeb168932413a2e09ed764b914097e65 961420 libpoppler5_0.12.4-1.2_amd64.deb
 80a43c4b38c8b3a10457b850a24c4f625c57989d 1266686 libpoppler-dev_0.12.4-1.2_amd64.deb
 5ed7fc3aa8e0f6c30da3237de96069df631994f1 308298 libpoppler-glib4_0.12.4-1.2_amd64.deb
 3283c3dd5b5c9f5bb7c1c3b1c5c33243673daf3c 382042 libpoppler-glib-dev_0.12.4-1.2_amd64.deb
 6a5b3416c04798019fe152a9d241459b051f298f 258546 libpoppler-qt2_0.12.4-1.2_amd64.deb
 f7972ea32b952ed10ee7a82d60e33811a4b87971 265756 libpoppler-qt-dev_0.12.4-1.2_amd64.deb
 aebc135c80ccbfea87b2d3575ee4283d59f199b4 405918 libpoppler-qt4-3_0.12.4-1.2_amd64.deb
 d538bb0005b8a76b9805d5a0b2886641d1148a71 461268 libpoppler-qt4-dev_0.12.4-1.2_amd64.deb
 18a28c19378b6f91dc465ab1ff7c2bf92f93fbbc 313996 poppler-utils_0.12.4-1.2_amd64.deb
 e69b7a6e1d6a472ec77a975a98d82a29b741af77 3587422 poppler-dbg_0.12.4-1.2_amd64.deb
Checksums-Sha256: 
 3af3508917d3f1b52aa410d9f32cb89b656a51809cddabc332cfe01f2bd41484 1617 poppler_0.12.4-1.2.dsc
 09e63f0ef0e0240025ee66f1fe671c1361cc333a3d2847c3ca17107cb83e84c4 21681 poppler_0.12.4-1.2.diff.gz
 dfe5d4280585bbc374c43e53e6b80175ee8f7f4ca57669500351178b65849baa 961420 libpoppler5_0.12.4-1.2_amd64.deb
 4edba751734af4b19257ac4cf609abeb5124484a945d28493fd53066551669a0 1266686 libpoppler-dev_0.12.4-1.2_amd64.deb
 20b165d81daa8e9994062f74fa2cb7c6d44fb51671c5e3c0598bd3fd44cd2417 308298 libpoppler-glib4_0.12.4-1.2_amd64.deb
 3109d3fed4815e973d1682858e8da11616c70dcc3d5c6035e08521268cf27921 382042 libpoppler-glib-dev_0.12.4-1.2_amd64.deb
 245edf9bc0a457edcec1ac0527f1fa6e3327e8ce97b88de598d36303c3412ef2 258546 libpoppler-qt2_0.12.4-1.2_amd64.deb
 b1cd2ed9dc2cd9a8dfb59029c41531eb82a8958579860ea2c747521ee073105a 265756 libpoppler-qt-dev_0.12.4-1.2_amd64.deb
 710ff24fb7b4fa0749e6a4069e288e2c27365236f285d8f36b70d2a27dcc29d0 405918 libpoppler-qt4-3_0.12.4-1.2_amd64.deb
 dc712ad63962ebd809088e91a1117952514205f81353aa71797ddee739f12b7b 461268 libpoppler-qt4-dev_0.12.4-1.2_amd64.deb
 0110075c07ec9b32772ca4505984a27f5fe6329e23ac23b6f38a223f505a125a 313996 poppler-utils_0.12.4-1.2_amd64.deb
 b228c1b4f0b3031b9cf2188c0b63e9dd9a926d4147ab922078cb6a8c0516ce2e 3587422 poppler-dbg_0.12.4-1.2_amd64.deb
Files: 
 ae7276d97f58b4229d0cf46f855cff2d 1617 devel optional poppler_0.12.4-1.2.dsc
 07601ff868a4b0a5292bde27933e6f0b 21681 devel optional poppler_0.12.4-1.2.diff.gz
 bb7de733045a2f149c37147755da1409 961420 libs optional libpoppler5_0.12.4-1.2_amd64.deb
 5e4df1d1956e7628723b8ad3b5e7169a 1266686 libdevel optional libpoppler-dev_0.12.4-1.2_amd64.deb
 76ba82cc3a298745c19dcd87c1c922e7 308298 libs optional libpoppler-glib4_0.12.4-1.2_amd64.deb
 6fcfa89ebea73e7c50dbafe9dd61979c 382042 libdevel optional libpoppler-glib-dev_0.12.4-1.2_amd64.deb
 29d06075ce2f5e12c1a77d9fb4c67019 258546 libs optional libpoppler-qt2_0.12.4-1.2_amd64.deb
 c80328bf9c83fb0773ac948c19745047 265756 libdevel optional libpoppler-qt-dev_0.12.4-1.2_amd64.deb
 5b115e4bc368c9218b18dde2c690b4b0 405918 libs optional libpoppler-qt4-3_0.12.4-1.2_amd64.deb
 870b6d04de3937cfa20423dc9bcda5a1 461268 libdevel optional libpoppler-qt4-dev_0.12.4-1.2_amd64.deb
 4e72576fd60ede89abf23f1cf6db78b0 313996 utils optional poppler-utils_0.12.4-1.2_amd64.deb
 640d9aec891dd1046056545665658c4d 3587422 debug extra poppler-dbg_0.12.4-1.2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzDStgACgkQXm3vHE4uyloggACgutkHF53UNH5l/Y7GlEKxaFSb
J4oAoM9+8rDER5TPXEuNdRgWHD8t+57d
=p/mY
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 28 Nov 2010 07:32:51 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 16:16:36 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.