poppler (24.02.0-1ubuntu9.9) noble-security; urgency=medium
* SECURITY UPDATE: integer overflow in Splash backend
- debian/patches/CVE-2026-10118.patch: SplashOutputDev: Fix integer overflow
in tilingPatternFill in poppler/SplashOutputDev.cc.
- CVE-2026-10118
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 04 Jun 2026 10:46:44 -0400
poppler (24.02.0-1ubuntu9.8) noble-security; urgency=medium
* SECURITY UPDATE: User after free
- debian/patches/CVE-2025-52885.patch: check for duplicate
entries in poppler/StructTreeRoot.cc.
- CVE-2025-52885
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Mon, 03 Nov 2025 07:57:48 -0300
poppler (24.02.0-1ubuntu9.7) noble-security; urgency=medium
* SECURITY UPDATE: stack consumption via metadata
- debian/patches/CVE-2025-43718.patch: make sure regex doesn't stack
overflow by limiting it in poppler/PDFDoc.cc.
- CVE-2025-43718
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 03 Oct 2025 07:36:12 -0400
poppler (24.02.0-1ubuntu9.6) noble-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2025-50420.patch: don't continue
recursing in PDFDoc in poppler/PDFDoc.cc.
- CVE-2025-50420
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Tue, 12 Aug 2025 12:43:49 -0300
poppler (24.02.0-1ubuntu9.5) noble-security; urgency=medium
* SECURITY UPDATE: DoS via reference count overflow
- debian/patches/CVE-2025-52886.patch: limit amount of annots per
document/page in poppler/Annot.cc, poppler/Page.cc.
- CVE-2025-52886
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 25 Jul 2025 11:20:42 -0400
poppler (24.02.0-1ubuntu9.4) noble-security; urgency=medium
* SECURITY UPDATE: signature validation
- debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
signatures.
- CVE-2025-43903
-- Fabian Toepfer <fabian.toepfer@canonical.com> Thu, 24 Apr 2025 14:59:17 +0200
poppler (24.02.0-1ubuntu9.3) noble-security; urgency=medium
* SECURITY UPDATE: DoS via floating point exception
- debian/patches/CVE-2025-32364.patch: protect against doing int =
-INT_MIN in poppler/Function.cc.
- CVE-2025-32364
* SECURITY UPDATE: DoS in JBIG2Bitmap::combine function
- debian/patches/CVE-2025-32365.patch: move isOk check to inside
JBIG2Bitmap::combine in poppler/JBIG2Stream.cc.
- CVE-2025-32365
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 07 Apr 2025 12:18:03 -0400
poppler (24.02.0-1ubuntu9.2) noble-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read in pdf file parsing.
- debian/patches/CVE-2024-56378.patch: Add checks to unlikely and destPtr
in poppler/JBIG2Stream.cc.
- CVE-2024-56378
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Tue, 14 Jan 2025 12:26:08 -0330
poppler (24.02.0-1ubuntu9.1) noble-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2024-6239.patch: fix crash in broken
documents when using -dests in utils/pdfinfo.c.
- CVE-2024-6239
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Wed, 26 Jun 2024 09:54:47 -0300
poppler (24.02.0-1ubuntu9) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <steve.langasek@ubuntu.com> Sun, 31 Mar 2024 06:48:42 +0000
poppler (24.02.0-1ubuntu8) noble; urgency=medium
* Rename libraries for 64-bit time_t transition. Closes: #1064282
(import changes from 22.12.0-2.1 and 22.12.0-2.2)
-- Benjamin Drung <bdrung@ubuntu.com> Wed, 20 Mar 2024 13:51:25 +0100
poppler (24.02.0-1ubuntu7) noble; urgency=medium
* No-change rebuild against libcurl3t64-gnutls
-- Steve Langasek <steve.langasek@ubuntu.com> Sat, 16 Mar 2024 07:15:29 +0000
poppler (24.02.0-1ubuntu6) noble; urgency=medium
* No-change rebuild against libqt5core5t64
-- Steve Langasek <steve.langasek@ubuntu.com> Fri, 15 Mar 2024 06:31:06 +0000
poppler (24.02.0-1ubuntu5) noble; urgency=medium
* No-change rebuild for archive consistency
-- Steve Langasek <steve.langasek@ubuntu.com> Tue, 12 Mar 2024 23:20:47 +0000
poppler (24.02.0-1ubuntu4) noble; urgency=medium
* No-change rebuild against libglib2.0-0t64
-- Steve Langasek <steve.langasek@ubuntu.com> Mon, 11 Mar 2024 23:30:00 +0000
poppler (24.02.0-1ubuntu3) noble; urgency=medium
* No-change rebuild against libpng16-16t64
-- Steve Langasek <steve.langasek@ubuntu.com> Thu, 29 Feb 2024 07:51:49 +0000
poppler (24.02.0-1ubuntu2) noble; urgency=medium
* Don't run qt6 autopkgtest on i386
-- Jeremy Bícha <jbicha@ubuntu.com> Sun, 18 Feb 2024 19:36:59 -0500
poppler (24.02.0-1ubuntu1) noble; urgency=medium
* Merge with Debian. Remaining change:
- Don't build qt6 library on i386 since qt6 isn't available on
Ubuntu there
-- Amin Bandali <bandali@ubuntu.com> Fri, 16 Feb 2024 13:44:00 -0500
poppler (24.02.0-1) experimental; urgency=medium
* Team upload
* New upstream release
* Update library name to libpoppler134 to match soname
* debian/copyright: Update path of a moved file
-- Amin Bandali <bandali@ubuntu.com> Tue, 13 Feb 2024 11:59:19 -0500
poppler (23.12.0-1ubuntu2) noble; urgency=medium
* Fix i386 build with new poppler
-- Jeremy Bícha <jbicha@ubuntu.com> Sun, 03 Dec 2023 20:04:08 -0500
poppler (23.12.0-1ubuntu1) noble; urgency=medium
* Merge with Debian. Remaining change:
- Don't build qt6 library on i386 since qt6 isn't available on
Ubuntu there
-- Jeremy Bícha <jbicha@ubuntu.com> Sun, 03 Dec 2023 19:54:11 -0500
poppler (23.12.0-1) experimental; urgency=medium
* Team upload
* New upstream release
* Update library name to libpoppler133 to match soname
* Add new symbols to symbols files
* Build-Depend on libcurl4-gnutls-dev
-- Jeremy Bícha <jbicha@ubuntu.com> Fri, 01 Dec 2023 10:08:39 -0500
poppler (23.08.0-2ubuntu1) mantic; urgency=medium
* Merge from Debian experimental (LP: #2031572). Remaining change:
- Don't build qt6 library on i386 since qt6 isn't available on
Ubuntu there
* Drop debian/patches/CVE-2023-34872.patch, fixed upstream.
-- Amin Bandali <bandali@ubuntu.com> Wed, 16 Aug 2023 18:31:57 -0400
poppler (23.08.0-2) experimental; urgency=medium
* Team upload
[ Jeremy Bicha ]
* Explicitly disable gpg support for now
[ Amin Bandali ]
* 23.08.0 upstream release addresses CVE-2023-34872 (Closes: #1042811)
* debian/rules: Opt into LTO (to minimize symbols diff with Ubuntu)
* Drop most optional symbols from libpoppler-qt5-1 and libpoppler-qt6-3
-- Amin Bandali <bandali@ubuntu.com> Wed, 16 Aug 2023 10:20:27 -0400
poppler (23.08.0-1) experimental; urgency=medium
* Team upload
* New upstream release (Closes: #969907)
* Update library name to libpoppler130 to match soname
* Address some lintian error and warnings:
- E: libpoppler-private-dev: depends-on-obsolete-package
Suggests: libfreetype6-dev => libfreetype-dev
- W: poppler source: build-depends-on-obsolete-package
Build-Depends: libfontconfig1-dev => libfontconfig-dev
- W: poppler source: build-depends-on-obsolete-package
Build-Depends: libfreetype6-dev => libfreetype-dev
* Update standards version to 4.6.2, no changes needed
* Update minimum version of several Build-Depends and Depends
per upstream
-- Amin Bandali <bandali@ubuntu.com> Thu, 10 Aug 2023 17:27:57 -0400
poppler (22.12.0-2ubuntu2) mantic; urgency=medium
* SECURITY UPDATE: DoS via crafted PDF file
- debian/patches/CVE-2023-34872.patch: fix crash in poppler/Outline.cc.
- CVE-2023-34872
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 02 Aug 2023 14:49:30 -0400
poppler (22.12.0-2ubuntu1) lunar; urgency=medium
* Merge with Debian. Remaining change:
* Don't build qt6 library on i386 since qt6 isn't available on Ubuntu there
-- Jeremy Bicha <jbicha@ubuntu.com> Sat, 04 Feb 2023 19:24:11 -0500
poppler (22.12.0-2) unstable; urgency=medium
* Team upload
* Release to unstable
-- Jeremy Bicha <jbicha@ubuntu.com> Tue, 10 Jan 2023 16:36:05 -0500
poppler (22.12.0-1ubuntu2) lunar; urgency=medium
* Rebuild
-- Jeremy Bicha <jbicha@ubuntu.com> Fri, 16 Dec 2022 16:50:58 -0500
poppler (22.12.0-1ubuntu1) lunar; urgency=medium
* Don't build QT6 library on i386 since QT6 isn't available on Ubuntu there
-- Jeremy Bicha <jbicha@ubuntu.com> Fri, 16 Dec 2022 10:28:11 -0500
poppler (22.12.0-1) experimental; urgency=medium
* Team upload
[ Nathan Pratta Teodosio ]
* New upstream release
* Update library name to libpoppler126 to match soname
[ Jeremy Bicha ]
* Fix qt6 autopkgtest
* debian/control: Set Rules-Requires-Root: no
-- Nathan Pratta Teodosio <nathan.teodosio@canonical.com> Mon, 12 Dec 2022 14:16:40 -0300
poppler (22.11.0-1) experimental; urgency=medium
[ Jeremy Bicha ]
* New upstream release
* Update library name to libpoppler125 to match soname
* Add Qt6 library (Closes: #1008990)
* Update links in debian/upstream/metadata
* Drop all patches: applied in new release
* Drop obsolete Breaks added long ago to fix 774949
* Run dh_auto_test but ignore test failures for now because of missing
test files
[ Debian Janitor ]
* Trim trailing whitespace
* Set upstream metadata fields
* Remove obsolete field Name from debian/upstream/metadata
* Update standards version to 4.6.1, no changes needed.
* Apply multi-arch hints. + libpoppler-glib-doc: Add Multi-Arch: foreign.
-- Jeremy Bicha <jbicha@ubuntu.com> Tue, 01 Nov 2022 15:15:59 +0100
poppler (22.08.0-2.1) unstable; urgency=medium
* Non-maintainer upload.
* JBIG2Stream: Fix crash on broken file (CVE-2022-38784) (Closes: #1018971)
-- Salvatore Bonaccorso <carnil@debian.org> Sat, 03 Sep 2022 21:30:51 +0200
poppler (22.08.0-2) unstable; urgency=medium
* Team upload
* Upload to unstable
-- Jeremy Bicha <jbicha@ubuntu.com> Sun, 21 Aug 2022 13:13:33 -0400
poppler (22.08.0-1) experimental; urgency=medium
* Team upload
* New upstream release
* Update library name to libpoppler123 to match soname
* debian/libpoppler-glib8.symbols.in: Add new symbols
-- Jeremy Bicha <jbicha@ubuntu.com> Wed, 10 Aug 2022 10:04:47 -0400
poppler (22.06.0-1) experimental; urgency=medium
* New upstream version
* libpoppler118->libpoppler122
-- Nathan Pratta Teodosio <nathan.teodosio@canonical.com> Thu, 09 Jun 2022 21:47:08 -0300
poppler (22.02.0-1) experimental; urgency=medium
* Team upload
* New upstream release
* Update library name to libpoppler118 to match soname
* Add new symbols to our symbols files
* debian/rules: Set DPKG_GENSYMBOLS_CHECK_LEVEL = 4
* Set debhelper-compat to 13
* Lots of minor packaging cleanup
-- Jeremy Bicha <jeremy.bicha@canonical.com> Fri, 04 Feb 2022 09:18:41 -0500
poppler (21.11.0-1) experimental; urgency=medium
* New upstream version
* Updated for the soname change
* Refreshed symbols for the new version
-- Sebastien Bacher <seb128@ubuntu.com> Tue, 02 Nov 2021 10:17:01 +0100
poppler (21.06.1-1) experimental; urgency=medium
* New upstream version
-- Sebastien Bacher <seb128@ubuntu.com> Mon, 21 Jun 2021 16:27:09 +0200
poppler (21.06.0-1) experimental; urgency=medium
* New upstream version, updated for the soname change
* debian/control:
- updated glib requirement
* Updated symbols for the new version
-- Sebastien Bacher <seb128@debian.org> Thu, 03 Jun 2021 12:23:29 +0200
poppler (21.02.0-1) experimental; urgency=medium
* New upstream version, updated for the soname change
* debian/control:
- build-depends on libgdk-pixbuf-2.0-dev and libgtk-3-dev
- updated standards version
* debian/libpoppler-dev.install:
- remove deprecated .pc for the list of files to install
-- Sebastien Bacher <seb128@ubuntu.com> Tue, 23 Feb 2021 15:40:38 +0100
poppler (20.09.0-3.1) unstable; urgency=medium
* debian/tests: make autopkgtests cross-test-friendly (Closes: #969726)
[ Gianfranco Costamagna ]
* add some optional symbols that appears/disappears when the source is
built with -O3
-- Sebastien Bacher <seb128@ubuntu.com> Thu, 21 Jan 2021 16:40:36 +0100
poppler (20.09.0-3) unstable; urgency=medium
* debian/tests: build with -Wno-deprecated-declarations, so that we don't
fail if an rdep deprecates some symbols. Closes: #973538.
-- Emilio Pozuelo Monfort <pochu@debian.org> Tue, 03 Nov 2020 13:27:06 +0100
poppler (20.09.0-2) unstable; urgency=medium
* Add new optional symbols generated by the new toolchain.
-- Emilio Pozuelo Monfort <pochu@debian.org> Thu, 03 Sep 2020 21:12:14 +0200
poppler (20.09.0-1) unstable; urgency=medium
* New upstream release.
* Update libpoppler-glib8's symbols.
* Make debian/copyright follow DEP-5.
* License is GPL-2 | GPL-3 since the update to Xpdf 3.03 (see README-XPDF),
update license information in debian/copyright accordingly.
* Upload to unstable.
-- Emilio Pozuelo Monfort <pochu@debian.org> Thu, 03 Sep 2020 18:29:28 +0200
poppler (20.08.0-1) experimental; urgency=medium
* New upstream release.
* debian/watch: use https to fix redirect error.
* Update symbols files.
* libpoppler95 -> libpoppler102.
* Build with boost headers. Closes: #955455.
* Update copyright holders.
-- Emilio Pozuelo Monfort <pochu@debian.org> Thu, 20 Aug 2020 11:02:05 +0200
poppler (0.85.0-2) unstable; urgency=medium
* Upload to unstable.
-- Emilio Pozuelo Monfort <pochu@debian.org> Tue, 18 Aug 2020 11:56:38 +0200
poppler (0.85.0-1) experimental; urgency=medium
[ Andreas Henriksson ]
* New upstream release.
* libpoppler91 -> libpoppler95
* Revert "Silence deprecation warnings for GTime, fixing autopkgtest"
- merged upstream, now part of upstream release.
* Update symbols
[ Philip Withnall ]
* Add python3:any to build deps as it’s used in `make-glib-api-docs` script.
Closes: #947327.
[ Emilio Pozuelo Monfort ]
* Replace ADTTMP variable with AUTOPKGTEST_TMP.
* Update copyright holders.
-- Emilio Pozuelo Monfort <pochu@debian.org> Wed, 19 Feb 2020 18:50:58 +0100
poppler (0.81.0-1) experimental; urgency=medium
* New upstream release. Closes: #924617.
* Remove patches applied upstream.
* libpoppler82 -> libpoppler91.
* Update cmake flag for the unstable headers.
* Update README filename.
* Update symbols files.
* Update copyright holders.
-- Emilio Pozuelo Monfort <pochu@debian.org> Fri, 04 Oct 2019 12:45:27 +0200
poppler (0.71.0-6) unstable; urgency=medium
[ Simon McVittie ]
* d/p/Silence-deprecation-warnings-for-PopplerAttachment-c.patch:
Silence deprecation warnings for GTime, fixing autopkgtest
(Closes: #941718)
[ Emilio Pozuelo Monfort ]
* Remove Joss from uploaders, thanks for all the work! Closes: #930163.
-- Emilio Pozuelo Monfort <pochu@debian.org> Fri, 04 Oct 2019 11:32:23 +0200
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog libpoppler134`.
Generated by dwww version 1.16 on Sat Jul 11 08:18:38 CEST 2026.