Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96fe1f44 by Markus Koschany at 2022-09-26T00:12:08+02:00
Remove no-dsa tags for upcoming security update of poppler.

- - - - -
ca01099d by Markus Koschany at 2022-09-26T00:14:33+02:00
Reserve DLA-3120-1 for poppler

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -38160,7 +38160,6 @@ CVE-2022-27338
 CVE-2022-27337 (A logic error in the Hints::Hints function of Poppler v22.03.0 
allows  ...)
        {DSA-5224-1}
        - poppler 22.08.0-2 (bug #1010695)
-       [buster] - poppler <no-dsa> (Minor issue)
        [stretch] - poppler <postponed> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/-/commit/81044c64b9ed9a10ae82a28bac753060bdfdac74
 (poppler-22.04.0)
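Review bot: the {DSA-5224-1} cross-reference under CVE-2022-27337 is left as it is, although data/DLA/list in this same push lists CVE-2022-27337 under DLA-3120-1. If the braces are not regenerated automatically from the advisory lists, DLA-3120-1 needs adding there, and the same check applies to the other entries in this file that lose their [buster] line.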
@@ -138532,7 +138531,6 @@ CVE-2020-27779 (A flaw was found in grub2 in versions 
prior to 2.06. The cutmem
        [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
 CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were 
converte ...)
        - poppler 0.85.0-2
-       [buster] - poppler <postponed> (Minor issue)
        [stretch] - poppler <postponed> (Minor issue; maybe worth fixing later)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/742
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/-/commit/30c731b487190c02afff3f036736a392eb60cd9a
 (poppler-0.76.0)
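Review bot: the line removed under CVE-2020-27778 is a <postponed> tag, and the six hunks after it remove <ignored> tags, so only the CVE-2022-27337 hunk matches the commit message "Remove no-dsa tags". Suggest wording the message as removing the [buster] triage tags (no-dsa, postponed, ignored), so that the reversal of the earlier <ignored> decisions can be found from the log.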
@@ -223240,7 +223238,6 @@ CVE-2019-14494 (An issue was discovered in Poppler 
through 0.78.0. There is a di
        {DLA-2440-1}
        [experimental] - poppler 0.81.0-1
        - poppler 0.85.0-2 (bug #933812)
-       [buster] - poppler <ignored> (Minor issue)
        [jessie] - poppler <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/802
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317
@@ -237600,7 +237597,6 @@ CVE-2019-9959 (The JPXStream::init function in 
Poppler 0.78.0 and earlier doesn'
        {DLA-2440-1 DLA-1963-1}
        [experimental] - poppler 0.81.0-1
        - poppler 0.85.0-2 (low; bug #941776)
-       [buster] - poppler <ignored> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/805
        NOTE: Patch: 
https://gitlab.freedesktop.org/poppler/poppler/commit/68ef84e5968a4249c2162b839ca6d7975048a557
 (poppler-0.79.0)
        NOTE: Reproducer: 
https://gitlab.freedesktop.org/poppler/poppler/uploads/3f22837ebd503f87e730b51221b89742/raiter_issue5465.pdf
@@ -237790,7 +237786,6 @@ CVE-2019-9904 (An issue was discovered in 
lib\cdt\dttree.c in libcdt.a in graphv
 CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles 
dict mark ...)
        [experimental] - poppler 0.81.0-1
        - poppler 0.85.0-2 (low; bug #925264)
-       [buster] - poppler <ignored> (Minor issue)
        [stretch] - poppler <ignored> (Minor issue)
        [jessie] - poppler <not-affected> (Vulnerable code not present)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/741
@@ -255186,7 +255181,6 @@ CVE-2018-20650 (A reachable Object::dictLookup 
assertion in Poppler 0.72.0 allow
        {DLA-2440-1 DLA-1939-1}
        [experimental] - poppler 0.81.0-1
        - poppler 0.85.0-2 (low; bug #917974)
-       [buster] - poppler <ignored> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/704
 CVE-2018-20649
@@ -267313,7 +267307,6 @@ CVE-2018-19058 (An issue was discovered in Poppler 
0.71.0. There is a reachable
        {DLA-2440-1 DLA-1706-1}
        [experimental] - poppler 0.81.0-1
        - poppler 0.85.0-2 (low; bug #913177)
-       [buster] - poppler <ignored> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d
 CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted 
IMG ele ...)
@@ -267692,7 +267685,6 @@ CVE-2018-18898 (The email-ingestion feature in Best 
Practical Request Tracker 4.
 CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory 
leak in G ...)
        [experimental] - poppler 0.81.0-1
        - poppler 0.85.0-2 (low; bug #913164)
-       [buster] - poppler <ignored> (Negligible security impact)
        [stretch] - poppler <ignored> (Negligible security impact)
        [jessie] - poppler <ignored> (Negligible security impact; memory leak)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Sep 2022] DLA-3120-1 poppler - security update
+       {CVE-2018-18897 CVE-2018-19058 CVE-2018-20650 CVE-2019-9903 
CVE-2019-9959 CVE-2019-14494 CVE-2020-27778 CVE-2022-27337 CVE-2022-38784}
+       [buster] - poppler 0.71.0-5+deb10u1
 [25 Sep 2022] DLA-3119-1 expat - security update
        {CVE-2022-40674}
        [buster] - expat 2.2.6-2+deb10u5
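Review bot: the CVE set on the DLA-3120-1 line includes CVE-2022-38784, but no data/CVE/list hunk in this push touches that entry, while the other eight CVEs each lose a [buster] line. Worth confirming that CVE-2022-38784 carries no [buster] tag that would contradict the 0.71.0-5+deb10u1 fix recorded here.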


=====================================
data/dla-needed.txt
=====================================
@@ -125,10 +125,6 @@ pluxml
   NOTE: 20220913: Programming language: PHP.
   NOTE: 20220913: Special attention: orphaned package.
 --
-poppler (Markus Koschany)
-  NOTE: 20220904: Programming language: C.
-  NOTE: 20220922: Release is pending. (apo)
---
 python-django
   NOTE: 20220911: Programming language: Python
   NOTE: 20220911: There are many minors issues that should be done in a point 
release. No further point releases for buster.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a719ee832d4c8dd14e466384493f911133e26b11...ca01099d2b1d0d54b1d4abc87a484a3fa96361fc
