poppler: fix CVE-2025-43903 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2025-04-28 12:52:48 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-05-17 12:20:48 -0600
commit	56bca048316237ae872cbaffe54be02656d5ebba (patch)
tree	e7625087412d9e3996945b5f3638c7780b100e9c /meta-python/recipes-devtools/python/python3-h5py
parent	a0b54655b573eb627ba4cb7453ce8f856e4cbe33 (diff)
download	meta-openembedded-56bca048316237ae872cbaffe54be02656d5ebba.tar.gz

poppler: fix CVE-2025-43903

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. CVE-2025-43903-0001 is the dependent commit and CVE-2025-43903-0002 is the actual CVE fix. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-43903 Upstream patches: https://gitlab.freedesktop.org/poppler/poppler/-/commit/33672ca1b6670f7378e24f6d475438f7f5d86b05 https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-h5py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: