Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: b12426e0 by Markus Koschany at 2019-03-07T22:46:35Z CVE-2018-20662,poppler: Link to correct fixing commit. - - - - - d5a51772 by Markus Koschany at 2019-03-07T22:46:35Z Remove no-dsa tags from poppler/Jessie. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -5390,7 +5390,6 @@ CVE-2019-7311 CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an integer ...) - poppler <unfixed> (bug #921215) [stretch] - poppler <ignored> (Minor issue) - [jessie] - poppler <ignored> (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797 NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/717 NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/172 @@ -13793,9 +13792,7 @@ CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers t [stretch] - poppler <no-dsa> (Minor issue) [jessie] - poppler <postponed> (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706 - NOTE: Initial approach of fixing the issue via - NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f - NOTE: causes regressions on some files and was reverted upstream. + NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9 CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because Directory ...) NOT-FOR-US: OpenRefine CVE-2019-3579 @@ -14732,7 +14729,6 @@ CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shr CVE-2018-20481 (XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef ...) - poppler <unfixed> (low; bug #917325) [stretch] - poppler <no-dsa> (Minor issue) - [jessie] - poppler <postponed> (can be fixed later when patch was officially accepted) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/692 NOTE: Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143 CVE-2018-20480 (An issue was discovered in S-CMS 1.0. It allows SQL Injection via the ...) @@ -25528,7 +25524,6 @@ CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bou CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort ...) - poppler <unfixed> (low; bug #913177) [stretch] - poppler <ignored> (Minor issue) - [jessie] - poppler <ignored> (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659 NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/750fa14f6bdee714f15d34837cf37c8de02ca4b6...d5a517722172dcf2d2442fc283df4992897f02e6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/750fa14f6bdee714f15d34837cf37c8de02ca4b6...d5a517722172dcf2d2442fc283df4992897f02e6 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits