obsolete

FEDORA-2017-21293887a2 created by dtardon 4 years ago for Fedora 26

Security fix for CVE-2017-14926, CVE-2017-14927 and CVE-2017-14928.


Security fix for CVE-2017-14617


Security fix for CVE-2017-14517, CVE-2017-14518, CVE-2017-14519 and CVE-2017-14929.

This update has been submitted for testing by dtardon.

4 years ago

This update has obsoleted poppler-0.52.0-7.fc26, and has inherited its bugs and notes.

4 years ago

This update has been pushed to testing.

4 years ago
User Icon rdieter commented & provided feedback 4 years ago

My apologies, this build happened while Qt-5.9 was temporariy a buildroot override (poppler-qt5 currently has unsatisfied dependency on Qt-5.9). 2 options: rebuild again or wait for Qt-5.9.x to land in updates (If it were me, I'd do the former, so this could go stable faster)

dtardon edited this update.

4 years ago
User Icon cserpentis commented & provided feedback 4 years ago
karma

works for me

User Icon dhgutteridge commented & provided feedback 4 years ago
karma

Updating this package and krita is impossible for me right now.

 Problem 1: cannot install the best update candidate for package poppler-qt5-0.52.0-6.fc26.x86_64
  - nothing provides libQt5Core.so.5(Qt_5.9)(64bit) needed by poppler-qt5-0.52.0-8.fc26.x86_64
 Problem 2: cannot install the best update candidate for package pykde4-4.14.3-17.fc26.x86_64
  - nothing provides sip-api(12) >= 12.2 needed by pykde4-4.14.3-18.fc26.x86_64
 Problem 3: package poppler-qt5-0.52.0-6.fc26.x86_64 requires poppler(x86-64) = 0.52.0-6.fc26, but none of the providers can be installed
  - cannot install both poppler-0.52.0-8.fc26.x86_64 and poppler-0.52.0-6.fc26.x86_64
  - problem with installed package poppler-qt5-0.52.0-6.fc26.x86_64
  - cannot install the best update candidate for package poppler-0.52.0-6.fc26.x86_64
  - nothing provides libQt5Core.so.5(Qt_5.9)(64bit) needed by poppler-qt5-0.52.0-8.fc26.x86_64
 Problem 4: package okular-part-16.12.3-1.fc26.x86_64 requires libpoppler-qt5.so.1()(64bit), but none of the providers can be installed
  - package poppler-qt5-0.52.0-6.fc26.x86_64 requires poppler(x86-64) = 0.52.0-6.fc26, but none of the providers can be installed
  - package poppler-qt5-0.52.0-5.fc26.x86_64 requires poppler(x86-64) = 0.52.0-5.fc26, but none of the providers can be installed
  - package poppler-qt5-0.52.0-2.fc26.x86_64 requires poppler(x86-64) = 0.52.0-2.fc26, but none of the providers can be installed
  - cannot install both poppler-0.52.0-8.fc26.x86_64 and poppler-0.52.0-6.fc26.x86_64
  - cannot install both poppler-0.52.0-5.fc26.x86_64 and poppler-0.52.0-8.fc26.x86_64
  - cannot install both poppler-0.52.0-2.fc26.x86_64 and poppler-0.52.0-8.fc26.x86_64
  - package poppler-glib-0.52.0-8.fc26.x86_64 requires poppler(x86-64) = 0.52.0-8.fc26, but none of the providers can be installed
  - cannot install the best update candidate for package poppler-glib-0.52.0-6.fc26.x86_64
  - cannot install the best update candidate for package okular-part-16.12.3-1.fc26.x86_64
  - nothing provides libQt5Core.so.5(Qt_5.9)(64bit) needed by poppler-qt5-0.52.0-8.fc26.x86_64
 Problem 5: package krita-3.3.1-1.fc26.x86_64 requires libpoppler-qt5.so.1()(64bit), but none of the providers can be installed
  - package poppler-qt5-0.52.0-6.fc26.x86_64 requires poppler(x86-64) = 0.52.0-6.fc26, but none of the providers can be installed
  - package poppler-qt5-0.52.0-5.fc26.x86_64 requires poppler(x86-64) = 0.52.0-5.fc26, but none of the providers can be installed
  - package poppler-qt5-0.52.0-2.fc26.x86_64 requires poppler(x86-64) = 0.52.0-2.fc26, but none of the providers can be installed
  - cannot install both poppler-0.52.0-8.fc26.x86_64 and poppler-0.52.0-6.fc26.x86_64
  - cannot install both poppler-0.52.0-5.fc26.x86_64 and poppler-0.52.0-8.fc26.x86_64
  - cannot install both poppler-0.52.0-2.fc26.x86_64 and poppler-0.52.0-8.fc26.x86_64
  - package poppler-qt-0.52.0-8.fc26.x86_64 requires poppler(x86-64) = 0.52.0-8.fc26, but none of the providers can be installed
  - cannot install the best update candidate for package poppler-qt-0.52.0-6.fc26.x86_64
  - cannot install the best update candidate for package krita-3.3.1-1.fc26.x86_64
  - nothing provides libQt5Core.so.5(Qt_5.9)(64bit) needed by poppler-qt5-0.52.0-8.fc26.x86_64
 Problem 6: package kf5-kfilemetadata-5.38.0-1.fc26.x86_64 requires libpoppler-qt5.so.1()(64bit), but none of the providers can be installed
  - package poppler-qt5-0.52.0-6.fc26.x86_64 requires poppler(x86-64) = 0.52.0-6.fc26, but none of the providers can be installed
  - package poppler-qt5-0.52.0-5.fc26.x86_64 requires poppler(x86-64) = 0.52.0-5.fc26, but none of the providers can be installed
  - package poppler-qt5-0.52.0-2.fc26.x86_64 requires poppler(x86-64) = 0.52.0-2.fc26, but none of the providers can be installed
  - cannot install both poppler-0.52.0-8.fc26.x86_64 and poppler-0.52.0-6.fc26.x86_64
  - cannot install both poppler-0.52.0-5.fc26.x86_64 and poppler-0.52.0-8.fc26.x86_64
  - cannot install both poppler-0.52.0-2.fc26.x86_64 and poppler-0.52.0-8.fc26.x86_64
  - package poppler-utils-0.52.0-8.fc26.x86_64 requires poppler(x86-64) = 0.52.0-8.fc26, but none of the providers can be installed
  - cannot install the best update candidate for package poppler-utils-0.52.0-6.fc26.x86_64
  - cannot install the best update candidate for package kf5-kfilemetadata-5.38.0-1.fc26.x86_64
  - nothing provides libQt5Core.so.5(Qt_5.9)(64bit) needed by poppler-qt5-0.52.0-8.fc26.x86_64
=======================================================================================================================================
 Package                          Arch                      Version                           Repository                          Size
=======================================================================================================================================
Skipping packages with conflicts:
(add '--best --allowerasing' to command line to force their upgrade):
 poppler                          x86_64                    0.52.0-2.fc26                     fedora                             829 k
 poppler                          x86_64                    0.52.0-5.fc26                     updates                            829 k
 poppler                          x86_64                    0.52.0-8.fc26                     updates-testing                    830 k
Skipping packages with broken dependencies:
 poppler-glib                     x86_64                    0.52.0-8.fc26                     updates-testing                    145 k
 poppler-qt                       x86_64                    0.52.0-8.fc26                     updates-testing                    172 k
 poppler-qt5                      x86_64                    0.52.0-2.fc26                     fedora                             175 k
 poppler-qt5                      x86_64                    0.52.0-5.fc26                     updates                            175 k
 poppler-qt5                      x86_64                    0.52.0-8.fc26                     updates-testing                    174 k
 poppler-utils                    x86_64                    0.52.0-8.fc26                     updates-testing                    190 k
 pykde4                           x86_64                    4.14.3-18.fc26                    updates-testing                    2.9 M

Transaction Summary
=======================================================================================================================================
Skip  10 Packages
User Icon genodeftest commented & provided feedback 4 years ago
karma

Same issue here, installing this package from updates-testing using dnf is not possible as it wants to uninstall poppler-qt5. New bug report for that issue: https://bugzilla.redhat.com/show_bug.cgi?id=1502335

User Icon rdieter commented & provided feedback 4 years ago

The requisite qt5-qtbase package is available in a separate update, FEDORA-2017-c133443edc

User Icon pwalter commented & provided feedback 4 years ago
karma

Works

User Icon hreindl commented & provided feedback 4 years ago
karma

works for me - all the -1 becuas eof deps are nonsense, the qt packages where built but at that point in time not pushed to the repos which is normal - so keep your uneducated -1 for yourself and at least ask what that means as long dnf simply skips while other updates are properly applied

User Icon genodeftest commented & provided feedback 4 years ago
karma

Works fine for me too, now, after the qt packages have been updated.

@hreindl: If the package does not install from updates-testing, it is broken. That's not about being uneducated or not.

User Icon hreindl commented & provided feedback 4 years ago

@genodeftest that is nonsense - then gibe a 0 karma and make a comment until you understand what is happening, giving negative karma leads to not push security updates after the issue is fixed or where where you to revert your negative karma until a few minutes ago?

my excuse not giving positive karma days ago is https://bugzilla.redhat.com/show_bug.cgi?id=1504089 but you should have reverted your negative manually per webinterface instead holding back security updates

just because it don't solve deps on your machine don't mean it wouldn't on others whout in that case gnome or server machines using poppler - hence the 0 karma with the comment option exists

User Icon kparal commented & provided feedback 4 years ago
karma

pdf rendering looks fine in evince

This update has been obsoleted by poppler-0.52.0-9.fc26.

4 years ago

Please login to add feedback.

Metadata
Type
security
Karma
4
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
4 years ago
in testing
4 years ago
modified
4 years ago
BZ#1499162 CVE-2017-14517 poppler: NULL pointer dereference in the XRef::parseEntry() function
0
0
BZ#1499163 CVE-2017-14518 poppler: Floating point exception in the isImageInterpolationRequired() function
0
0
BZ#1499165 CVE-2017-14519 poppler: Memory corruption via Gfx.cc infinite loop
0
0
BZ#1499167 CVE-2017-14929 poppler: Memory corruption via Gfx.cc infinite loop
0
0
BZ#1499168 CVE-2017-14517 CVE-2017-14518 CVE-2017-14519 CVE-2017-14929 CVE-2017-14975 CVE-2017-14976 CVE-2017-14977 poppler: various flaws [fedora-all]
0
0
BZ#1499905 CVE-2017-14617 poppler: Floating point exception in the ImageStream class
0
0
BZ#1499906 CVE-2017-14617 poppler: Floating point exception in the ImageStream class [fedora-all]
0
0
BZ#1500322 CVE-2017-14928 poppler: NULL pointer dereference in the AnnotRichMedia::Configuration::Configuration
0
0
BZ#1500323 CVE-2017-14926 poppler: NULL pointer dereference in the AnnotRichMedia::Content::Content
0
0
BZ#1500324 CVE-2017-14927 poppler: NULL pointer dereference in the SplashOutputDev::type3D0() function
0
0
BZ#1500326 CVE-2017-14926 CVE-2017-14927 CVE-2017-14928 poppler: various flaws [fedora-all]
0
0

Automated Test Results