← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1905741] Re: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output

 

This bug was fixed in the package poppler - 0.62.0-2ubuntu2.12

---------------
poppler (0.62.0-2ubuntu2.12) bionic-security; urgency=medium

  * SECURITY REGRESSION: broken Splash output (LP: #1905741)
    - debian/rules: don't build with SPLASH_CMYK=ON as this causes a
      regression with xpdf and gdal. This reverts the fix for
      CVE-2019-10871.

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Thu, 26 Nov 2020
10:55:59 -0500

** Changed in: poppler (Ubuntu Bionic)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-10871

** Changed in: poppler (Ubuntu Xenial)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1905741

Title:
  poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates
  break Splash output

Status in poppler package in Ubuntu:
  Invalid
Status in poppler source package in Xenial:
  Fix Released
Status in poppler source package in Bionic:
  Fix Released

Bug description:
  The security updates 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 break
  the Splash output rendering, for example if using the xpdf utility
  that relies on Poppler splash output, or as used by the GDAL library
  (the issue was detected due to breakage in GDAL continuous integration
  tests)

  I've traced the root cause to those security updates enabling in
  'rules' CMYK (--enable-cmyk for 0.41.0-0ubuntu1.15 and
  -DSPLASH_CMYK=ON for 0.62.0-2ubuntu2.11)

  Building without CMYK restore poppler in a working state. It should be
  noted that even on the upstream 0.41.0 version, enabling CMYK result
  in a non-functional build, so it is not related to the patches applied
  on top of it, but really on enabling CMYK

  The issue can be verified with "xpdf test_ogc_bp.pdf" with the
  attached test_ogc_bp.pdf file. With the new packages, xpdf crashes,
  whereas with older ones it displays a 20x20 greyscale image.

  Or with "gdal_translate test_ogc_bp.pdf out.png -of PNG" when
  installing the "gdal-bin" package, that currently errors out with a
  message like "ERROR 1: Bitmap decoded size (18623872x0) doesn't match
  raster size (20x20)"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1905741/+subscriptions