lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1f6cKp-0006rK-2H@seger.debian.org>
Date: Thu, 12 Apr 2018 13:32:19 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4079-2] poppler regression update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4079-2                   security@...ian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 12, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : poppler
CVE ID         : CVE-2017-9776
Debian Bug     : 890826

It was discovered that the poppler upload for the oldstable distribution
(jessie), released as DSA-4079-1, did not correctly address
CVE-2017-9776 and additionally caused regressions when rendering PDFs
embedding JBIG2 streams. Updated packages are now available to correct
this issue.

For the oldstable distribution (jessie), this problem has been fixed
in version 0.26.5-2+deb8u4.

We recommend that you upgrade your poppler packages.

For the detailed security status of poppler please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/poppler

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrPX7hfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RTwg/7Bmho3vLAxQs0z/Sn2c4WDLzAlzeQ4g5ObCoWmN/fa+Hn5fDoG5Vi2aaC
MHiG0XRM058pCd6+MOy4QwIt5rZfabLJHbKMlmn7yHDWNYQNDMyo6ILxet1IRled
1uG9ReHemdTxn0zdLKP5BS8ZQDQs1+KIinZApB/8/G+Q2n4ZHjIiOk15cTKP7U7J
xuzS4G+XefLPlyvC26dTq4cTubJ7PUCIEHk5QXUJgu7IONskQEpJhsJu44YnmWMO
V9yNitwiHc0r5YHi3+U6hdPHOd0m88AckVDdhRFHclSUlE8VIGs0s7y0AfAYBwEF
/VA85dkFFS3Y0vRCEgdZxh7j5wt/dYrojqi6c7HjyKC5j9UkrjlBkq3uuBP2A0/t
LVRfmNeJFl3CHMLfuNhklzdGRslUYLemtXR+vVUTLFoN6g5dElHYyo4jzUdkM+GX
uG7bkCPS6ZATCE1Y1PATdeCAFCse/D/PK+tLQc1aE/ZzGodRDkW5RIZ1aFNq8vPx
H4wnQyOGvtC5lP7QxGLlNo7Gm8sbt2tO8NThkWGSWFRRZmrQ5+FYUHRVUgQ03mu5
o6Yi75kcf2TXkkSR5ZEkNR926R3AGOI2aO9ztjqiDNfqnYp29WC/53h+bpcyXFgL
cOoaluc4f3KgAv8v1m12+TuXEtQThUh4D7Tzet1WkvGCsrcMPWQ=
=74Ox
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ