New Debian qpdf 8.4.0-2+deb10u1 fixes:

This update addresses the following issues:

8.4.0-2+deb10u1 (Mon, 28 Aug 2023 19:03:02 +0200)
* Non-maintainer upload by the LTS Team.
* CVE-2018-18020 crafted files could create recursive calls for a long time, which allows remote attackers to cause a denial of service
* CVE-2021-25786 crafted files allow remote attackers to execute arbitrary code
* CVE-2021-36978 a heap-based buffer overflow might occur when a certain downstream write fails
--- mirror/ftp/pool/main/q/qpdf/qpdf_8.4.0-2.dsc +++ apt/ucs_5.0-0-errata5.0-4/source/qpdf_8.4.0-2+deb10u1.dsc @@ -1,3 +1,15 @@ +8.4.0-2+deb10u1 [Mon, 28 Aug 2023 19:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2018-18020 + crafted files could create recursive calls for a long time, which + allows remote attackers to cause a denial of service + * CVE-2021-25786 + crafted files allow remote attackers to execute arbitrary code + * CVE-2021-36978 + a heap-based buffer overflow might occur when a certain + downstream write fails + 8.4.0-2 [Fri, 08 Feb 2019 17:43:33 -0500] Jay Berkenbilt <qjb@debian.org>: * Stop having library packages recommend binary packages. I'm not sure <http://piuparts.knut.univention.de/5.0-4/#4078991270666018380>
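Review bot: The three CVE bullets in the added 8.4.0-2+deb10u1 stanza name no patch file or upstream commit, so the changelog alone does not show which change fixes which CVE; suggest appending the applied patch file name to each bullet. The CVE-2021-25786 bullet ("crafted files allow remote attackers to execute arbitrary code") also gives no failure class or triggering condition, unlike the CVE-2018-18020 and CVE-2021-36978 bullets, and would be easier to audit with the same level of detail.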
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-4] 64cf0b7436 Bug #56507: qpdf 8.4.0-2+deb10u1
 doc/errata/staging/qpdf.yaml | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

[5.0-4] e121543854 Bug #56507: qpdf 8.4.0-2+deb10u1
 doc/errata/staging/qpdf.yaml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x798>