Hi,
Am 28.04.25 um 11:52 schrieb Adrian Bunk:
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: secur...@debian.org, Debian freedesktop.org maintainers
<pkg-freedesktop-maintain...@lists.alioth.debian.org>
* CVE-2023-34872: OutlineItem::open crash on malformed files
* CVE-2024-56378: Out-of-bounds read in JBIG2Bitmap::combine
* CVE-2025-32364: Floating point exception in PSStack::roll
* CVE-2025-32365: Out-of-bounds read in JBIG2:Bitmap::combine
What about https://security-tracker.debian.org/tracker/CVE-2025-43903
("NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the
adbe.pkcs7.sha1 signatures on documents, resulting in potential signature
forgeries."). If one is at it for bookworm anyway..
Regards,
Rene