Hello Dhiraj, or anyone else affected, Accepted poppler into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.3 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: poppler (Ubuntu Bionic) Status: New => Fix Committed ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference Status in poppler package in Ubuntu: Fix Committed Status in poppler source package in Bionic: Fix Committed Status in poppler source package in Cosmic: Fix Committed Bug description: * Impact Evince segfaults on some pdf documents * Test case Download and try to open https://bugs.freedesktop.org/attachment.cgi?id=138927 with evince, it shouldn't segfault * Regression potential Nothing special to test, make sure evince still opens pdfs without issue ----------------------------- System Info: Linux zero 4.15.0-38-generic #41-Ubuntu SMP Wed Oct 10 10:59:38 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux Evince version: GNOME Document Viewer 3.28.4 While fuzzing evince v3.28.4, on linux 4.15.0-38-generic (Ubuntu 18.04 LTS), a null-pointer dereference was observed, initially this was reported to evince but the evince team advised that the issue is in poppler, the library used by evince to render PDF, poppler version: 0.62.0-2ubuntu2.2 is vulnerable to null-pointer dereference, however the issue is already fixed in poppler 0.70, but this will still crash your evince v3.28.4 in ubuntu if poppler is not updated to v.0.70. Fuzzing result showing a very important vulnerability in a package currently shipped by a major Linux distribution is still of interest, even if that Linux distribution does not package the latest released upstream version. I think Ubuntu is still using, Source: poppler Version: 0.62.0-2ubuntu2.2 So, most of the systems will be affected to this issue. Upstream: https://gitlab.freedesktop.org/poppler/poppler/issues/664 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
