Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b8da3c77 by Moritz Muehlenhoff at 2025-08-31T15:37:46+02:00
older podofo issues fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -369519,21 +369519,19 @@ CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A
stack-based buffer overflow
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next
update)
NOTE: https://sourceforge.net/p/podofo/tickets/132/
CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive
call in Pd ...)
- - libpodofo <unfixed> (bug #986793)
- [trixie] - libpodofo <postponed> (Minor issue, revisit when fixed
upstream)
- [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed
upstream)
+ - libpodofo 0.9.8+dfsg-1 (bug #986793)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next
update)
NOTE: https://sourceforge.net/p/podofo/tickets/131/
+ NOTE:
https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619
CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive
call among ...)
- - libpodofo <unfixed> (bug #986792)
- [trixie] - libpodofo <postponed> (Minor issue, revisit when fixed
upstream)
- [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed
upstream)
+ - libpodofo 0.9.8+dfsg-1 (bug #986792)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next
update)
NOTE: https://sourceforge.net/p/podofo/tickets/130/
+ NOTE:
https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619
CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in
PoDoFo::PdfVecO ...)
- libpodofo <unfixed> (bug #986791)
[trixie] - libpodofo <postponed> (Minor issue, revisit when fixed
upstream)
@@ -428461,13 +428459,12 @@ CVE-2020-18972 (Exposure of Sensitive Information
to an Unauthorized Actor in Po
NOTE: https://sourceforge.net/p/podofo/tickets/49/
NOTE: Negligible security impact
CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers
to cause ...)
- - libpodofo <unfixed> (bug #1014858)
- [trixie] - libpodofo <postponed> (Minor issue, revisit when fixed
upstream)
- [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed
upstream)
+ - libpodofo 0.9.8+dfsg-1 (bug #1014858)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next
update)
NOTE: https://sourceforge.net/p/podofo/tickets/48/
+ NOTE:
https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619
CVE-2020-18970
RESERVED
CVE-2020-18969
@@ -566327,9 +566324,7 @@ CVE-2018-8004 (There are multiple HTTP smuggling and
cache poisoning issues when
CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a
directory ...)
NOT-FOR-US: Apache Ambari
CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in
PdfPar ...)
- - libpodofo <unfixed> (low; bug #892557)
- [trixie] - libpodofo <postponed> (Minor issue, revisit when fixed
upstream)
- [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed
upstream)
+ - libpodofo 0.9.8+dfsg-1 (bug #892557)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <no-dsa> (Minor issue)
@@ -566337,6 +566332,7 @@ CVE-2018-8002 (In PoDoFo 0.9.5, there exists an
infinite loop vulnerability in P
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548930
NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/15/
+ NOTE:
https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619
CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based buffer over-read
vulnerabil ...)
- libpodofo 0.9.6+dfsg-3 (low; bug #892556)
[stretch] - libpodofo <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8da3c775bf63f3477ded513dc075ef14214fa57
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8da3c775bf63f3477ded513dc075ef14214fa57
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
