Bug#1104287: bookworm-pu: package poppler/22.12.0-2+deb12u1

Rene Engelhard Mon, 28 Apr 2025 09:51:12 -0700

Hi,

Am 28.04.25 um 11:52 schrieb Adrian Bunk:

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: secur...@debian.org, Debian freedesktop.org maintainers 
<pkg-freedesktop-maintain...@lists.alioth.debian.org>


   * CVE-2023-34872: OutlineItem::open crash on malformed files
   * CVE-2024-56378: Out-of-bounds read in JBIG2Bitmap::combine
   * CVE-2025-32364: Floating point exception in PSStack::roll
   * CVE-2025-32365: Out-of-bounds read in JBIG2:Bitmap::combine


What about https://security-tracker.debian.org/tracker/CVE-2025-43903 
("NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the 
adbe.pkcs7.sha1 signatures on documents, resulting in potential signature 
forgeries."). If one is at it for bookworm anyway..


Regards,


Rene

Bug#1104287: bookworm-pu: package poppler/22.12.0-2+deb12u1

Reply via email to