Opened 7 months ago

Closed 7 months ago

Last modified 7 months ago

#14454 closed enhancement (fixed)

poppler-21.01.0

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: high Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New monthly version.

Change History (4)

comment:1 by Douglas R. Reno, 7 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 7 months ago

Release 21.01.0:
        core:
         * Faster routines for jpeg decoding
         * Fix reading signatures in encrypted files
         * Add white point correction when lcms is used
         * JBIG2Stream: Fix byte counting
         * Fix potential data loss if we try to fetch a non existing Ref after modifying the document
         * Specifically use DeviceGray instead of DefaultGray for softmasks
         * Fix various issues handling broken files

        utils:
         * pdftocairo: Setmode binary for windows
         * pdfsig: Add hability to digitally sign files
         * pdftoppm: add options to set DeviceGray/DeviceRGB/DeviceCMYK
         * pdftops: add options to set DeviceGray/DeviceRGB/DeviceCMYK
         * pdfimages: Account for rotation in PPI calculation

        qt5:
         * Add hability to digitally sign files

        qt6:
         * Add hability to digitally sign files

        build system:
         * Enable clang-tidy bugprone-signed-char-misuse

comment:3 by Douglas R. Reno, 7 months ago

Resolution: fixed
Status: assignedclosed

Fixed at r24070

comment:4 by Douglas R. Reno, 7 months ago

Priority: normalhigh

According to Arch, this contained a security fix for a heap-buffer-overflow in DCTStream::getChars, which can be exploited by a malicious PDF document. The CVE number is CVE-2020-35702, and this can lead to arbitrary code execution.

Note: See TracTickets for help on using tickets.