Hi,

Am 28.04.25 um 11:52 schrieb Adrian Bunk:
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: secur...@debian.org, Debian freedesktop.org maintainers 
<pkg-freedesktop-maintain...@lists.alioth.debian.org>

   * CVE-2023-34872: OutlineItem::open crash on malformed files
   * CVE-2024-56378: Out-of-bounds read in JBIG2Bitmap::combine
   * CVE-2025-32364: Floating point exception in PSStack::roll
   * CVE-2025-32365: Out-of-bounds read in JBIG2:Bitmap::combine

What about https://security-tracker.debian.org/tracker/CVE-2025-43903 
("NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the 
adbe.pkcs7.sha1 signatures on documents, resulting in potential signature 
forgeries."). If one is at it for bookworm anyway..


Regards,


Rene

Reply via email to