Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index cf33f128c..96f7b14a2 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,32 @@ +Fri Feb 9 21:48:09 UTC 2024 +patches/packages/xpdf-4.05-x86_64-1_slack15.0.txz: Upgraded. + This update fixes security issues: + Fixed a bug in the ICCBased color space parser that was allowing the number + of components to be zero. Thanks to huckleberry for the bug report. + Fixed a bug in the ICCBased color space parser that was allowing the number + of components to be zero. Thanks to huckleberry for the bug report. + Added checks for PDF object loops in AcroForm::scanField(), + Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree(). + The zero-width character problem can also happen if the page size is very + large -- that needs to be limited too, the same way as character position + coordinates. Thanks to jlinliu for the bug report. + Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for + the bug report. + Fix a deadlock when an object stream's length field is contained in another + object stream. Thanks to Jiahao Liu for the bug report. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-2662 + https://www.cve.org/CVERecord?id=CVE-2023-2662 + https://www.cve.org/CVERecord?id=CVE-2018-7453 + https://www.cve.org/CVERecord?id=CVE-2018-16369 + https://www.cve.org/CVERecord?id=CVE-2022-36561 + https://www.cve.org/CVERecord?id=CVE-2022-41844 + https://www.cve.org/CVERecord?id=CVE-2023-2663 + https://www.cve.org/CVERecord?id=CVE-2023-2664 + https://www.cve.org/CVERecord?id=CVE-2023-3044 + https://www.cve.org/CVERecord?id=CVE-2023-3436 + (* Security fix *) ++--------------------------+ Thu Feb 8 22:17:18 UTC 2024 patches/packages/dehydrated-0.7.1-noarch-1_slack15.0.txz: Upgraded. This is a bugfix release that addresses (among other things) an |
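Review bot: The new xpdf-4.05 entry repeats the ICCBased color space parser item twice back to back ("Fixed a bug in the ICCBased color space parser that was allowing the number of components to be zero. Thanks to huckleberry for the bug report."), and the first two lines of the reference list are both https://www.cve.org/CVERecord?id=CVE-2023-2662. Drop one copy of each so every fix and every CVE is listed once. If the second occurrence was meant to be a different fix or a different CVE id, replace it with the intended text instead of deleting it. Separately, the entry gives ten CVE URLs (nine distinct) under six fix descriptions (five distinct) with no indication of which CVE belongs to which fix. A reader triaging this update cannot tell from the entry alone which parser paths each CVE covers, so consider grouping the URLs under the fixes they relate to.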