Your message dated Sat, 10 May 2025 15:47:09 +0000
with message-id <e1udmpt-00dnlf...@fasolo.debian.org>
and subject line Bug#1102190: fixed in poppler 22.12.0-2+deb12u1
has caused the Debian Bug report #1102190,
regarding poppler: CVE-2025-32364
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1102190: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102190
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: poppler
Version: 25.03.0-2
Severity: important
Tags: security upstream
Forwarded: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for poppler.

CVE-2025-32364[0]:
| A floating-point exception in the PSStack::roll function of Poppler
| before 25.04.0 can cause an application to crash when handling
| malformed inputs associated with INT_MIN.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-32364
    https://www.cve.org/CVERecord?id=CVE-2025-32364
[1] https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574
[2] https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: poppler
Source-Version: 22.12.0-2+deb12u1
Done: Adrian Bunk <b...@debian.org>

We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1102...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated poppler package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Apr 2025 21:26:36 +0300
Source: poppler
Architecture: source
Version: 22.12.0-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian freedesktop.org maintainers <pkg-freedesktop-maintain...@lists.alioth.debian.org>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 1042811 1091322 1102190 1102191
Changes:
 poppler (22.12.0-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2023-34872: OutlineItem::open crash on malformed files
     (Closes: #1042811)
   * CVE-2024-56378: Out-of-bounds read in JBIG2Bitmap::combine
     (Closes: #1091322)
   * CVE-2025-32364: Floating point exception in PSStack::roll
     (Closes: #1102190)
   * CVE-2025-32365: Out-of-bounds read in JBIG2:Bitmap::combine
     (Closes: #1102191)



--- End Message ---
