--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-dc83ae690a
2021-03-30 14:30:22.203453
--------------------------------------------------------------------------------
Name : pdfbox
Product : Fedora 32
Version : 2.0.23
Release : 1.fc32
URL :
http://pdfbox.apache.org/
Summary : Apache PDFBox library for working with PDF documents
Description :
Apache PDFBox is an open source Java PDF library for working with PDF
documents. This project allows creation of new PDF documents, manipulation of
existing documents and the ability to extract content from documents. Apache
PDFBox also includes several command line utilities. Apache PDFBox is
published under the Apache License v2.0.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2021-27807 and CVE-2021-27906
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 19 2021 Fedora Release Monitoring <release-monitoring(a)fedoraproject.org> -
2.0.23-1
- Update to 2.0.23 (#1940796)
* Tue Jan 26 2021 S��rgio Basto <sergio(a)serjux.com> - 2.0.22-1
- Update to 2.0.22 (#1909499)
- Bouncycastle 1.67 patch is already upstreamed
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.21-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 25 2021 S��rgio Basto <sergio(a)serjux.com> - 2.0.21-3
- Add bouncycastle 1.67 support (from daviddavid)
* Thu Sep 10 2020 Fabio Valentini <decathorpe(a)gmail.com> - 2.0.21-2
- Drop log4j12 dependency, it seems to not be necessary any longer.
* Wed Aug 26 2020 S��rgio Basto <sergio(a)serjux.com> - 2.0.21-1
- Fix build on F33
- Update pdfbox to 2.0.21 (#1871001)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a
crafted PDF file
https://bugzilla.redhat.com/show_bug.cgi?id=1941050
[ 2 ] Bug #1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF
file
https://bugzilla.redhat.com/show_bug.cgi?id=1941055
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-dc83ae690a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------