[SECURITY] [DLA 1963-1] poppler security update
Package : poppler
Version : 0.26.5-2+deb8u12
CVE ID : CVE-2019-9959 CVE-2019-10871
Two buffer allocation issues were identified in poppler.
CVE-2019-9959
An unexpected negative length value can cause an integer
overflow, which in turn makes it possible to allocate a large
memory chunk on the heap with a size controlled by an attacker.
CVE-2019-10871
RGB data is treated as CMYK data, so 4 bytes are read
instead of 3 bytes at the end of the image. The fixed version
defines SPLASH_CMYK, which is the upstream-recommended solution.
For Debian 8 "Jessie", these problems have been fixed in version
0.26.5-2+deb8u12.
We recommend that you upgrade your poppler packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
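The failure class described under CVE-2019-9959 above, as an added example that is not poppler's code or its patch: a generic C sketch of how a negative signed length turns into a huge allocation size, next to a version that validates the length before converting it. The function names and the 64 MiB cap are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for this example; not a value from poppler. */
#define MAX_STREAM_BYTES ((size_t)64 * 1024 * 1024)

/* Unchecked pattern: a signed length read from the file is converted
 * straight to size_t, so a negative value wraps to a huge size. */
size_t unchecked_alloc_size(int declared_len)
{
    return (size_t)declared_len;
}

/* Checked pattern: reject non-positive or over-cap lengths before any
 * conversion or multiplication. Returns 0 on success, -1 on rejection. */
int checked_alloc_size(long long declared_len, size_t elem_size, size_t *out)
{
    if (declared_len <= 0 || elem_size == 0)
        return -1;
    if ((unsigned long long)declared_len > MAX_STREAM_BYTES / elem_size)
        return -1;
    *out = (size_t)declared_len * elem_size;
    return 0;
}

/* Allocate only when the size passes validation; NULL otherwise. */
void *alloc_stream_buffer(long long declared_len, size_t elem_size)
{
    size_t n;
    if (checked_alloc_size(declared_len, elem_size, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    int lens[] = { 4096, -1, INT_MIN, INT_MAX }; /* constructed inputs */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t n = 0;
        int rc = checked_alloc_size(lens[i], 1, &n);
        printf("len=%d unchecked=%zu checked=%s\n", lens[i],
               unchecked_alloc_size(lens[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```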