[tlbuild] heads-up for another poppler library problem
Nelson H. F. Beebe
beebe at math.utah.edu
Thu Apr 12 17:53:25 CEST 2018
This just appeared on the debian-security-announce at lists.debian.org
list, and may be relevant for some of the platforms on which TeX Live
2018 is being built:
>> ...
>> - -------------------------------------------------------------------------
>> Debian Security Advisory DSA-4079-2 security at debian.org
>> https://www.debian.org/security/ Salvatore Bonaccorso
>> April 12, 2018 https://www.debian.org/security/faq
>> - -------------------------------------------------------------------------
>>
>> Package : poppler
>> CVE ID : CVE-2017-9776
>> Debian Bug : 890826
>>
>> It was discovered that the poppler upload for the oldstable distribution
>> (jessie), released as DSA-4079-1, did not correctly address
>> CVE-2017-9776 and additionally caused regressions when rendering PDFs
>> embedding JBIG2 streams. Updated packages are now available to correct
>> this issue.
>>
>> For the oldstable distribution (jessie), this problem has been fixed
>> in version 0.26.5-2+deb8u4.
>>
>> We recommend that you upgrade your poppler packages.
>>
>> For the detailed security status of poppler please refer to its security
>> tracker page at:
>>
>> https://security-tracker.debian.org/tracker/poppler
>> ...
-------------------------------------------------------------------------------
- Nelson H. F. Beebe Tel: +1 801 581 5254 -
- University of Utah FAX: +1 801 581 4148 -
- Department of Mathematics, 110 LCB Internet e-mail: beebe at math.utah.edu -
- 155 S 1400 E RM 233 beebe at acm.org beebe at computer.org -
- Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------
More information about the tlbuild
mailing list