Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b12426e0 by Markus Koschany at 2019-03-07T22:46:35Z
CVE-2018-20662,poppler: Link to correct fixing commit.
- - - - -
d5a51772 by Markus Koschany at 2019-03-07T22:46:35Z
Remove no-dsa tags from poppler/Jessie.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5390,7 +5390,6 @@ CVE-2019-7311
CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an
integer ...)
- poppler <unfixed> (bug #921215)
[stretch] - poppler <ignored> (Minor issue)
- [jessie] - poppler <ignored> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/717
NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/172
@@ -13793,9 +13792,7 @@ CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in
PDFDoc.cc allows attackers t
[stretch] - poppler <no-dsa> (Minor issue)
[jessie] - poppler <postponed> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
- NOTE: Initial approach of fixing the issue via
- NOTE:
https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f
- NOTE: causes regressions on some files and was reverted upstream.
+ NOTE:
https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9
CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because
Directory ...)
NOT-FOR-US: OpenRefine
CVE-2019-3579
@@ -14732,7 +14729,6 @@ CVE-2018-20482 (GNU Tar through 1.30, when --sparse is
used, mishandles file shr
CVE-2018-20481 (XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles
unallocated XRef ...)
- poppler <unfixed> (low; bug #917325)
[stretch] - poppler <no-dsa> (Minor issue)
- [jessie] - poppler <postponed> (can be fixed later when patch was
officially accepted)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/692
NOTE: Proposed fix:
https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143
CVE-2018-20480 (An issue was discovered in S-CMS 1.0. It allows SQL Injection
via the ...)
@@ -25528,7 +25524,6 @@ CVE-2018-19059 (An issue was discovered in Poppler
0.71.0. There is a out-of-bou
CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a
reachable abort ...)
- poppler <unfixed> (low; bug #913177)
[stretch] - poppler <ignored> (Minor issue)
- [jessie] - poppler <ignored> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659
NOTE:
https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d
CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted
IMG ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/750fa14f6bdee714f15d34837cf37c8de02ca4b6...d5a517722172dcf2d2442fc283df4992897f02e6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/750fa14f6bdee714f15d34837cf37c8de02ca4b6...d5a517722172dcf2d2442fc283df4992897f02e6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
