
Debian GNU/Linux has received two security updates: [DLA 4141-1] poppler for Debian 11 LTS and [DSA 5908-1] libreoffice for Debian 12.

[DLA 4141-1] poppler security update
[DSA 5908-1] libreoffice security update




[SECURITY] [DLA 4141-1] poppler security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4141-1                  debian-lts@lists.debian.org
https://www.debian.org/lts/security/                            Adrian Bunk
April 28, 2025                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : poppler
Version        : 20.09.0-3.1+deb11u2
CVE ID         : CVE-2020-36023 CVE-2020-36024 CVE-2022-37050 CVE-2022-37051
                 CVE-2022-37052 CVE-2022-38349 CVE-2024-56378 CVE-2025-32364
                 CVE-2025-32365
Debian Bug     : 1091322 1102190 1102191

Multiple vulnerabilities have been fixed in the PDF rendering
library poppler.

CVE-2020-36023

    Infinite loop in FoFiType1C::cvtGlyph

CVE-2020-36024

    NULL dereference in FoFiType1C::convertToType1

CVE-2022-37050

    Crash in PDFDoc::savePageAs

CVE-2022-37051

    Crash in the pdfunite tool

CVE-2022-37052

    Reachable assert on XRef::add failure

CVE-2022-38349

    pdfunite crash on broken files

CVE-2024-56378

    Out-of-bounds read in JBIG2Bitmap::combine

CVE-2025-32364

    Floating point exception in PSStack::roll

CVE-2025-32365

    Out-of-bounds read in JBIG2Bitmap::combine

For Debian 11 bullseye, these problems have been fixed in version
20.09.0-3.1+deb11u2.

We recommend that you upgrade your poppler packages.

For the detailed security status of poppler please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/poppler

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DSA 5908-1] libreoffice security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5908-1                     security@debian.org
https://www.debian.org/security/                         Moritz Muehlenhoff
April 28, 2025                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2025-2866

Juray Sarinay discovered that PDF documents signed with the
adbe.pkcs7.sha1 standard were incompletely validated by LibreOffice,
which could cause invalid signatures to be accepted as legitimate.

For the stable distribution (bookworm), this problem has been fixed in
version 4:7.4.7-1+deb12u8.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/