pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tilman Hausherr <THaush...@t-online.de>
Subject Re: [ANNOUNCE] Apache PDFBox 2.0.8 released
Date Fri, 03 Nov 2017 18:59:35 GMT
Am 03.11.2017 um 18:28 schrieb davidedillard@gmail.com:
> Hi,
>
> At least three of these issues appear to be vulnerabilities (probably more), any chance
of getting CVEs assigned to them?  Apache is a CNA now so I'd think it wouldn't be too much
trouble.
>
> The issues I see as being vulnerabilities are PDFBOX-3919, PDFBOX-3949 and PDFBOX-3976.

What's your definition of "vulnerability"? The first is an endless loop, 
the other two are NPEs. And what is a "CNA"?

Tilman


>
>
> Thanks,
>
> David
>
>
> On 2017-11-03 02:19, Andreas Lehmkuehler <andreas@lehmi.de> wrote:
>> The Apache PDFBox community is pleased to announce the release of
>> Apache PDFBox version 2.0.8. The release is available for download at:
>>
>> http://pdfbox.apache.org/download.cgi
>>
>> See the full release notes below for details about this release.
>>
>> Release Notes -- Apache PDFBox -- Version 2.0.8
>>
>> Introduction
>> ------------
>>
>> The Apache PDFBox library is an open source Java tool for working with PDF
>> documents.
>>
>> This is an incremental bugfix release based on the earlier 2.0.7 release. It
>> contains
>> a couple of fixes and small improvements.
>>
>> For more details on these changes and all the other fixes and improvements
>> included in this release, please refer to the following issues on the
>> PDFBox issue tracker at https://issues.apache.org/jira/browse/PDFBOX.
>>
>> Bug
>>
>> [PDFBOX-3424] - Regression from 1.8.10: IOException: XREF for 171:0 points to
>> wrong object: 173:0
>> [PDFBOX-3639] - FDF does not parse: Missing root object specification in trailer.
>> [PDFBOX-3874] - /Fontinfo instead of /FontInfo in type 1 font
>> [PDFBOX-3881] - Handling of Byte Order Mark with Metadata-Fields
>> [PDFBOX-3884] - GlyphList registers "wrong" Adobe name for "U+02DC SMALL TILDE"
>> [PDFBOX-3887] - Getting a "DataFormatException: invalid distance too far back"
>> exception for the attached file
>> [PDFBOX-3894] - NPE on org.apache.pdfbox.pdmodel.PDPageTree.isPageTreeNode
>> [PDFBOX-3896] - UnsupportedOperationException
>> [PDFBOX-3898] - AcroFields' PDTextField (and others?) can have kids
>> [PDFBOX-3909] - End of inline image not detected
>> [PDFBOX-3913] - Japanese URI improperly decoded
>> [PDFBOX-3914] - LayerUtility ignores OCProperties on import
>> [PDFBOX-3916] - NPE on org.apache.pdfbox.pdmodel.font.PDType0Font.readEncoding
>> [PDFBOX-3919] - Infinite loop while parsing (2)
>> [PDFBOX-3923] - Expected a long type at offset 52152, instead got 'xref'
>> [PDFBOX-3925] - QUADDING constants no longer public
>> [PDFBOX-3928] - IllegalArgumentException: root cannot be null with truncated file
>> [PDFBOX-3929] - Border style dictionary width ignored by Adobe Reader when float
>> [PDFBOX-3930] - replace deprecated TBSCertificateStructure
>> [PDFBOX-3932] - Image with predictor 15 not rendered correctly
>> [PDFBOX-3934] - Page missing
>> [PDFBOX-3935] - DataFormatException: invalid stored block lengths
>> [PDFBOX-3936] - IllegalArgumentException: root cannot be null with truncated
>> file (2)
>> [PDFBOX-3937] - NPE in PDCIDFontType2 constructor
>> [PDFBOX-3940] - Lost metadata in 2.0.8-SNAPSHOT
>> [PDFBOX-3942] - ClassCastException in getOptionalContentGroups
>> [PDFBOX-3943] - /Helv entry in /DR not created if /DR exists
>> [PDFBOX-3946] - NPE in PDActionURI.getURI() if URI doesn't exist
>> [PDFBOX-3947] - ArrayIndexOutOfBoundsException in bfSearchForObjStreams
>> [PDFBOX-3948] - NumberFormatException in bfSearchForObjStreams
>> [PDFBOX-3949] - NPE in bfSearchForObjStreams
>> [PDFBOX-3950] - NPE in PageIterator.enqueueKids
>> [PDFBOX-3955] - new -- very slow processing on truncated PDF
>> [PDFBOX-3957] - Pages lost
>> [PDFBOX-3958] - UTF-16 (BE) URI improperly decoded
>> [PDFBOX-3959] - DataFormatException: invalid code lengths set with truncated file
>> [PDFBOX-3963] - ClassCastException in PDCIDFont.readVerticalDisplacements()
>> [PDFBOX-3965] - Truetype Font glyphs not rendered
>> [PDFBOX-3967] - IllegalArgumentException: Illegal Capacity: -1
>> [PDFBOX-3969] - Splitting starts counting for cutting out pages wrongly
>> [PDFBOX-3972] - Incorrect page after merge for OpenAction with GoTo page destination
>> [PDFBOX-3976] - NPE in bfSearchForTrailer
>> [PDFBOX-3977] - /Info dictionary no longer available
>> [PDFBOX-3978] - IllegalStateException on saveIncrementalForExternalSigning
>> [PDFBOX-3979] - NullPointerException on
>> Type1Parser.readCharStrings(Type1Parser.java:713)
>>
>> Improvement
>>
>> [PDFBOX-3878] - Improve and refactor RemoveAllText example
>> [PDFBOX-3890] - The operator Tz is not available when creating new PDF using
>> PDPageContentStream
>> [PDFBOX-3897] - Avoid sRGB self-conversions
>> [PDFBOX-3900] - Optimize PDSeparation for shadings
>> [PDFBOX-3911] - Handle new line characters in single line text fields
>> [PDFBOX-3920] - CIDSet should be PDF/A-2b compatible
>> [PDFBOX-3927] - Support optional content in annotations
>> [PDFBOX-3944] - ERROR "Can't read embedded ICC profile" is too scary
>> [PDFBOX-3971] - Add Certificate Dictionary to seed value in signature field
>> [PDFBOX-3982] - [Patch/RFC] Set maximum compression level on FlateFilter
>> [PDFBOX-3983] - [Patch] Don't a allow a miter limit <= 0
>>
>> Task
>>
>> [PDFBOX-3584] - Build and test PDFBox with JDK9
>> [PDFBOX-3873] - Fix text comparison in PDFontTest
>> [PDFBOX-3938] - Add test from PDFBOX-2079 to 2.0 and trunk
>> [PDFBOX-3974] - Add more parsing regression tests
>>
>> Release Contents
>> ----------------
>>
>> This release consists of a single source archive packaged as a zip file.
>> The archive can be unpacked with the jar tool from your JDK installation.
>> See the README.txt file for instructions on how to build this release.
>>
>> The source archive is accompanied by SHA1 and MD5 checksums and a PGP
>> signature that you can use to verify the authenticity of your download.
>> The public key used for the PGP signature can be found at
>> https://svn.apache.org/repos/asf/pdfbox/KEYS.
>>
>> About Apache PDFBox
>> -------------------
>>
>> Apache PDFBox is an open source Java library for working with PDF documents.
>> This project allows creation of new PDF documents, manipulation of existing
>> documents and the ability to extract content from documents. Apache PDFBox
>> also includes several command line utilities. Apache PDFBox is published
>> under the Apache License, Version 2.0.
>>
>> For more information, visit http://pdfbox.apache.org/
>>
>> About The Apache Software Foundation
>> ------------------------------------
>>
>> Established in 1999, The Apache Software Foundation provides organizational,
>> legal, and financial support for more than 100 freely-available,
>> collaboratively-developed Open Source projects. The pragmatic Apache License
>> enables individual and commercial users to easily deploy Apache software;
>> the Foundation's intellectual property framework limits the legal exposure
>> of its 2,500+ contributors.
>>
>> For more information, visit http://www.apache.org/
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
>> For additional commands, e-mail: users-help@pdfbox.apache.org
>>
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
> For additional commands, e-mail: users-help@pdfbox.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org


Mime
View raw message