Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 96fe1f44 by Markus Koschany at 2022-09-26T00:12:08+02:00 Remove no-dsa tags for upcoming security update of poppler. - - - - - ca01099d by Markus Koschany at 2022-09-26T00:14:33+02:00 Reserve DLA-3120-1 for poppler - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -38160,7 +38160,6 @@ CVE-2022-27338 CVE-2022-27337 (A logic error in the Hints::Hints function of Poppler v22.03.0 allows ...) {DSA-5224-1} - poppler 22.08.0-2 (bug #1010695) - [buster] - poppler <no-dsa> (Minor issue) [stretch] - poppler <postponed> (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230 NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/81044c64b9ed9a10ae82a28bac753060bdfdac74 (poppler-22.04.0) @@ -138532,7 +138531,6 @@ CVE-2020-27779 (A flaw was found in grub2 in versions prior to 2.06. The cutmem [stretch] - grub2 <ignored> (No SecureBoot support in stretch) CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were converte ...) - poppler 0.85.0-2 - [buster] - poppler <postponed> (Minor issue) [stretch] - poppler <postponed> (Minor issue; maybe worth fixing later) NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/742 NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/30c731b487190c02afff3f036736a392eb60cd9a (poppler-0.76.0) @@ -223240,7 +223238,6 @@ CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a di {DLA-2440-1} [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (bug #933812) - [buster] - poppler <ignored> (Minor issue) [jessie] - poppler <no-dsa> (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/802 NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317 @@ -237600,7 +237597,6 @@ CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier doesn' {DLA-2440-1 DLA-1963-1} [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (low; bug #941776) - [buster] - poppler <ignored> (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/805 NOTE: Patch: https://gitlab.freedesktop.org/poppler/poppler/commit/68ef84e5968a4249c2162b839ca6d7975048a557 (poppler-0.79.0) NOTE: Reproducer: https://gitlab.freedesktop.org/poppler/poppler/uploads/3f22837ebd503f87e730b51221b89742/raiter_issue5465.pdf @@ -237790,7 +237786,6 @@ CVE-2019-9904 (An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphv CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict mark ...) [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (low; bug #925264) - [buster] - poppler <ignored> (Minor issue) [stretch] - poppler <ignored> (Minor issue) [jessie] - poppler <not-affected> (Vulnerable code not present) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/741 @@ -255186,7 +255181,6 @@ CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allow {DLA-2440-1 DLA-1939-1} [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (low; bug #917974) - [buster] - poppler <ignored> (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7 NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/704 CVE-2018-20649 @@ -267313,7 +267307,6 @@ CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable {DLA-2440-1 DLA-1706-1} [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (low; bug #913177) - [buster] - poppler <ignored> (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659 NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG ele ...) @@ -267692,7 +267685,6 @@ CVE-2018-18898 (The email-ingestion feature in Best Practical Request Tracker 4. CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory leak in G ...) [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (low; bug #913164) - [buster] - poppler <ignored> (Negligible security impact) [stretch] - poppler <ignored> (Negligible security impact) [jessie] - poppler <ignored> (Negligible security impact; memory leak) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[26 Sep 2022] DLA-3120-1 poppler - security update + {CVE-2018-18897 CVE-2018-19058 CVE-2018-20650 CVE-2019-9903 CVE-2019-9959 CVE-2019-14494 CVE-2020-27778 CVE-2022-27337 CVE-2022-38784} + [buster] - poppler 0.71.0-5+deb10u1 [25 Sep 2022] DLA-3119-1 expat - security update {CVE-2022-40674} [buster] - expat 2.2.6-2+deb10u5 ===================================== data/dla-needed.txt ===================================== @@ -125,10 +125,6 @@ pluxml NOTE: 20220913: Programming language: PHP. NOTE: 20220913: Special attention: orphaned package. -- -poppler (Markus Koschany) - NOTE: 20220904: Programming language: C. - NOTE: 20220922: Release is pending. (apo) --- python-django NOTE: 20220911: Programming language: Python NOTE: 20220911: There are many minors issues that should be done in a point release. No further point releases for buster. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a719ee832d4c8dd14e466384493f911133e26b11...ca01099d2b1d0d54b1d4abc87a484a3fa96361fc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a719ee832d4c8dd14e466384493f911133e26b11...ca01099d2b1d0d54b1d4abc87a484a3fa96361fc You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits