-
qpdf (11.5.0-1ubuntu1.1) mantic-security; urgency=medium
* SECURITY UPDATE: heap overflow via std::__shared_count()
- debian/patches/CVE-2024-24246.patch: handle parse error stream data
in libqpdf/QPDF_json.cc, qpdf/qpdf.testcov, qpdf/qtest/*.
- CVE-2024-24246
-- Marc Deslauriers <email address hidden> Wed, 20 Mar 2024 10:40:27 -0400
-
qpdf (11.5.0-1ubuntu1) mantic; urgency=medium
* Fix data loss bug introduced in 11.0.0 and fixed in 11.6.3. The bug
causes the qpdf tokenizer to discard the character after a one-digit
or two-digit quoted octal string. Most writers don't create these, and
they are rare outside of content streams. By default, qpdf doesn't
parse content streams. The most common place for this to occur would
be in a document's /ID string, but in the worst case, this bug could
cause silent damage to some strings in a PDF file's metadata, such as
bookmark names or form field values. (LP: #2039804)
-- Jay Berkenbilt <email address hidden> Thu, 19 Oct 2023 07:20:25 -0400
-
qpdf (11.5.0-1) unstable; urgency=medium
* New upstream release.
* Bump standards to 4.6.2. No changes required
-- Jay Berkenbilt <email address hidden> Sun, 09 Jul 2023 10:42:20 -0400
-
qpdf (11.4.0-1) experimental; urgency=medium
* New upstream release.
-- Till Kamppeter <email address hidden> Sun, 21 May 2023 18:01:52 -0400
-
qpdf (11.3.0-1) unstable; urgency=medium
* New upstream release.
-- Jay Berkenbilt <email address hidden> Sat, 25 Feb 2023 17:24:01 -0500