(https://nvd.nist.gov/vuln/detail/CVE-2018-20650):

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

Upstream Patch: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7

Gentoo Security Padawan (domhnall)
We'll use this one for stabilisation
Bumping to app-text/poppler-0.74.0.
Arches, please stabilise!
amd64 stable
arm64 stable
sparc stable
hppa stable
ppc64 stable
ppc stable
x86 stable
arm stable
alpha stable
s390 stable
ia64 stable. all arches stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=645f5890750786bb8d3853c2746d9955a92096e5

commit 645f5890750786bb8d3853c2746d9955a92096e5
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2019-03-02 20:21:08 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2019-03-02 20:21:08 +0000

    app-text/poppler: Security cleanup

    Bug: https://bugs.gentoo.org/674666
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 app-text/poppler/Manifest | 4 -
 app-text/poppler/files/poppler-0.68.0-bool.patch | 36 -------
 app-text/poppler/poppler-0.68.0.ebuild | 127 -----------------------
 app-text/poppler/poppler-0.71.0.ebuild | 127 -----------------------
 app-text/poppler/poppler-0.72.0.ebuild | 127 -----------------------
 app-text/poppler/poppler-0.73.0.ebuild | 127 -----------------------
 6 files changed, 548 deletions(-)
Security, please proceed.