[SECURITY] [DSA 4079-2] poppler regression update

From: Salvatore Bonaccorso <carnil@debian.org>
To: bugtraq@securityfocus.com
Cc:
Subject: [SECURITY] [DSA 4079-2] poppler regression update
Date:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4079-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 12, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : poppler
CVE ID         : CVE-2017-9776
Debian Bug     : 890826

It was discovered that the poppler upload for the oldstable distribution
(jessie), released as DSA-4079-1, did not correctly address
CVE-2017-9776 and additionally caused regressions when rendering PDFs
embedding JBIG2 streams. Updated packages are now available to correct
this issue.

For the oldstable distribution (jessie), this problem has been fixed
in version 0.26.5-2+deb8u4.

We recommend that you upgrade your poppler packages.

For the detailed security status of poppler please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/poppler

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrPX7hfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RTwg/7Bmho3vLAxQs0z/Sn2c4WDLzAlzeQ4g5ObCoWmN/fa+Hn5fDoG5Vi2aaC
MHiG0XRM058pCd6+MOy4QwIt5rZfabLJHbKMlmn7yHDWNYQNDMyo6ILxet1IRled
1uG9ReHemdTxn0zdLKP5BS8ZQDQs1+KIinZApB/8/G+Q2n4ZHjIiOk15cTKP7U7J
xuzS4G+XefLPlyvC26dTq4cTubJ7PUCIEHk5QXUJgu7IONskQEpJhsJu44YnmWMO
V9yNitwiHc0r5YHi3+U6hdPHOd0m88AckVDdhRFHclSUlE8VIGs0s7y0AfAYBwEF
/VA85dkFFS3Y0vRCEgdZxh7j5wt/dYrojqi6c7HjyKC5j9UkrjlBkq3uuBP2A0/t
LVRfmNeJFl3CHMLfuNhklzdGRslUYLemtXR+vVUTLFoN6g5dElHYyo4jzUdkM+GX
uG7bkCPS6ZATCE1Y1PATdeCAFCse/D/PK+tLQc1aE/ZzGodRDkW5RIZ1aFNq8vPx
H4wnQyOGvtC5lP7QxGLlNo7Gm8sbt2tO8NThkWGSWFRRZmrQ5+FYUHRVUgQ03mu5
o6Yi75kcf2TXkkSR5ZEkNR926R3AGOI2aO9ztjqiDNfqnYp29WC/53h+bpcyXFgL
cOoaluc4f3KgAv8v1m12+TuXEtQThUh4D7Tzet1WkvGCsrcMPWQ=
=74Ox
-----END PGP SIGNATURE-----





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.