From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1606-1 [email protected] http://www.debian.org/security/ Steve Kemp
July 09, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : poppler
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id(s) : CVE 2008-1693
Debian Bug : 476842

It was discovered that poppler, a PDF rendering library, did not
properly handle embedded fonts in PDF files, allowing attackers to
execute arbitrary code via a crafted font object.

For the stable distribution (etch), this problem has been fixed in version 0.4.5-5.1etch3.

For the unstable distribution (sid), this problem has been fixed in
version 0.8.0-1.

We recommend that you upgrade your poppler package.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch3.dsc
Size/MD5 checksum: 757 1560882fd2916cf690dfab5b36caf393
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch3.diff.gz
Size/MD5 checksum: 484328 8f9c696fb31d332b65515d263b9b29da
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5.orig.tar.gz
Size/MD5 checksum: 783752 2bb1c75aa3f9c42f0ba48b5492e6d32c

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_alpha.deb
Size/MD5 checksum: 30352 3a20e8e3a5f60e0c8a676a290e858a61
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_alpha.deb
Size/MD5 checksum: 43058 9bb013f968577d9320de44b82e7fd1f1
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_alpha.deb
Size/MD5 checksum: 772710 d2b3b2490771162ac139f5246e85b231
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_alpha.deb
Size/MD5 checksum: 86580 c396dba838001d108bf56d477f08cd4b
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_alpha.deb
Size/MD5 checksum: 34056 5f12b52c57a11f9881e433bb9710acaa
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_alpha.deb
Size/MD5 checksum: 55052 fd976b4ba5a06387095fd5ab0eb1ddd3
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_alpha.deb
Size/MD5 checksum: 504476 19e19093f81f966f0e8e2da723f8e07b

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_amd64.deb
Size/MD5 checksum: 613694 30e519a2a6a52073527556f7be56e368
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_amd64.deb
Size/MD5 checksum: 30656 879a9f7b40b84395dec8667fbaed7a30
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_amd64.deb
Size/MD5 checksum: 46070 3fca3fa3a27cd8591e3b654e0063d818
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_amd64.deb
Size/MD5 checksum: 41768 0e876f9dde8c94548fb5a5f973d4d1fb
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_amd64.deb
Size/MD5 checksum: 456526 1aa5b6834c6605b9c0c89d76c527b085
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_amd64.deb
Size/MD5 checksum: 29706 252693ce004ebe4da029cb8cac60c8ad
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_amd64.deb
Size/MD5 checksum: 83614 4f3e6d766e655a6a6e48ce379853e720

arm architecture (ARM)

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_arm.deb
Size/MD5 checksum: 40176 c220cbc637a1898a24f3d6facf2334b5
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_arm.deb
Size/MD5 checksum: 81782 513ca3c03a1d48caa5ab2ddd4ada7aed
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_arm.deb
Size/MD5 checksum: 438142 f4b166156f43a8715d2cc8b27c621e53
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_arm.deb
Size/MD5 checksum: 44736 ae0bddb8502ebb76a4f9624dcac81604
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_arm.deb
Size/MD5 checksum: 29436 d43e6939e318a65c9c8e0c16cb02bd38
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_arm.deb
Size/MD5 checksum: 30426 0967f5e7fa741c8cf026ffb763ff014e
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_arm.deb
Size/MD5 checksum: 594928 dac70571d0ad3f9a909198b26a28faa4

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_hppa.deb
Size/MD5 checksum: 540242 df8ce9c4c3a169f9be4e3926d994eee6
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_hppa.deb
Size/MD5 checksum: 45668 74f74bfe2617742ead80785c9e11cbad
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_hppa.deb
Size/MD5 checksum: 87808 41b1e8124adc89510682a7583c76923c
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_hppa.deb
Size/MD5 checksum: 50304 a811b4590c717572d0e531b1c818f5a4

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)