products/PackageHub
SHA256
32
2
Fork 17
Code Issues Pull Requests 24 Actions Activity

Pull request for security update for python-pypdf2 #507

Manually merged
products merged 1 commits from rfrohl/PackageHub:maintenance-update-1772801677 into leap-16.0 2026-03-06 21:46:28 +01:00
Conversation 13 Commits 1 Files Changed 2 +33 -1
2 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
patchinfo.20260306125446347687.93181000773252/_patchinfo Normal file
View File

@@ -0,0 +1,32 @@
<patchinfo>
<issue tracker="cve" id="2026-27025">VUL-0: CVE-2026-27025: python-pypdf: Possible long runtimes/large memory usage for large /ToUnicode streams</issue>
<issue tracker="cve" id="2025-55197">VUL-0: CVE-2025-55197: python-pypdf: Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used ...</issue>
<issue tracker="bnc" id="1248089"/>
<issue tracker="bnc" id="1258692"/>
<issue tracker="cve" id="2026-27628">VUL-0: CVE-2026-27628: python-pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams</issue>
<issue tracker="cve" id="2026-27888">VUL-0: CVE-2026-27888: python-pypdf: Manipulated FlateDecode XFA streams can exhaust RAM</issue>
<issue tracker="bnc" id="1258691"/>
<issue tracker="bnc" id="1258934"/>
<issue tracker="bnc" id="1258693"/>
<issue tracker="bnc" id="1258940"/>
<issue tracker="cve" id="2026-27024">VUL-0: CVE-2026-27024: python-pypdf: Possible infinite loop when processing TreeObject</issue>
<issue tracker="cve" id="2026-27026">VUL-0: CVE-2026-27026: python-pypdf: Possible long runtimes for malformed FlateDecode streams</issue>
<packager>mcalabkova</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for python-PyPDF2</summary>
<description>This update for python-PyPDF2 fixes the following issues:
Changes in python-PyPDF2:
- CVE-2026-27628: Fixed infinite loop when loading circular /Prev entries in cross-reference streams (bsc#1258940)
- CVE-2026-27888: Fixed issue where manipulated FlateDecode XFA streams can exhaust RAM (bsc#1258934)
- CVE-2025-55197: Fixed denial of service via craft PDF (bsc#1248089)
- CVE-2026-27024: Fixed infinite loop when processing TreeObject (bsc#1258691)
- CVE-2026-27025: Fixed long runtimes/large memory usage for large /ToUnicode streams (bsc#1258692)
- CVE-2026-27026: Fixed long runtimes for malformed FlateDecode streams (bsc#1258693)
- Convert to pip-based build
</description>
<package>python-PyPDF2</package>
</patchinfo>

2
python-PyPDF2

Submodule python-PyPDF2 updated: 231b3346ed...a6942256f7