-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 05 May 2009 09:45:16 -0400
Source: kdegraphics
Binary: kdegraphics-kfile-plugins ksnapshot kviewshell kghostview libkscan-dev kruler kcoloredit kamera kdegraphics-dev libkscan1 kdegraphics-dbg kview kdegraphics-doc-html kpdf ksvg kdvi kiconedit kfax kfaxview kuickshow kooka kdegraphics kolourpaint kmrml kgamma kpovmodeler
Architecture: amd64
Version: 4:3.5.5-3etch3
Distribution: oldstable-security
Urgency: high
Maintainer: Debian amd64 Build Daemon
Changed-By: Noah Meyerhans
Description:
 kamera - digital camera io_slave for Konqueror
 kcoloredit - a color palette editor and color picker for KDE
 kdegraphics-dbg - debugging symbols for kdegraphics
 kdegraphics-dev - development files for the KDE graphics module
 kdegraphics-kfile-plugins - KDE metainfo plugins for graphic files
 kdvi - dvi viewer for KDE
 kfax - G3/G4 fax viewer for KDE
 kfaxview - G3/G4 fax viewer for KDE using kviewshell
 kgamma - gamma correction module for the KDE Control Center
 kghostview - PostScript viewer for KDE
 kiconedit - an icon editor for KDE
 kmrml - a Konqueror plugin for searching pictures
 kolourpaint - a simple paint program for KDE
 kooka - scanner program for KDE
 kpdf - PDF viewer for KDE
 kpovmodeler - a graphical editor for povray scenes
 kruler - a screen ruler and color measurement tool for KDE
 ksnapshot - screenshot utility for KDE
 ksvg - SVG viewer for KDE
 kuickshow - KDE image/slideshow viewer
 kview - simple image viewer/converter for KDE
 kviewshell - generic framework for viewer applications in KDE
 libkscan-dev - development files for the KDE scanner library
 libkscan1 - scanner library for KDE
Changes:
 kdegraphics (4:3.5.5-3etch3) oldstable-security; urgency=high
 .
   * Non-maintainer upload by the security team
     - CVE-2009-0146: Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
     - CVE-2009-0147: Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
     - CVE-2009-0165: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
     - CVE-2009-0166: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
     - CVE-2009-0799: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
     - CVE-2009-0800: Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
     - CVE-2009-1179: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
     - CVE-2009-1180: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
     - CVE-2009-1181: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
     - CVE-2009-1182: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
     - CVE-2009-1183: The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKAZGQYrVLjBFATsMRAoT2AJ9DPdMIChLr/EW+zKjWAfmtC3QdCACeOnvs
4eUojmzUj9Z98e9/wMinbtA=
=0P38
-----END PGP SIGNATURE-----