Author: mattia Date: 2017-02-08 16:27:16 +0000 (Wed, 08 Feb 2017) New Revision: 48772
Modified: data/CVE/list Log: Update libpodofo CVEs status Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-02-08 15:10:48 UTC (rev 48771) +++ data/CVE/list 2017-02-08 16:27:16 UTC (rev 48772) @@ -194,9 +194,9 @@ NOTE: Introduced by: https://github.com/torvalds/linux/commit/952fc18ef9ec707ebdc16c0786ec360295e5ff15 (3.6-rc1) CVE-2017-5886 [podofo: heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp)] RESERVED - - libpodofo <unfixed> + - libpodofo <unfixed> (bug #854604) NOTE: https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp - NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469 + NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/1623824.EtgW9yDooZ%40blackgate/#msg35644693 CVE-2017-5877 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack ...) NOT-FOR-US: dotCMS CVE-2017-5876 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack ...) @@ -708,30 +708,36 @@ CVE-2016-10194 RESERVED NOT-FOR-US: festivaltts4r +CVE-2017-XXXX [podofo: NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp)] + - libpodofo <unfixed> (bug #854605) + NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfinfoguessformat-pdfinfo-cpp/ + NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 + NOTE: https://marc.info/?l=oss-security&m=148603648823037&w=2 CVE-2015-8981 [Heap overflow in the function ReadXRefSubsection] RESERVED - - libpodofo <unfixed> (bug #854118) + - libpodofo 0.9.4-1 (bug #854599) NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/ NOTE: https://sourceforge.net/p/podofo/code/1672 CVE-2017-5855 [NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection] RESERVED - - libpodofo <unfixed> (bug #854118) + - libpodofo <unfixed> (bug #854603) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp + NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 CVE-2017-5854 [NULL pointer dereference in PdfOutputStream.cpp] RESERVED - - libpodofo <unfixed> (bug #854118) + - libpodofo <unfixed> (bug #854602) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp - NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469 + NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 CVE-2017-5853 [Signed integer overflow in PdfParser.cpp] RESERVED - - libpodofo <unfixed> (bug #854118) + - libpodofo <unfixed> (bug #854601) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp - NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469 + NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 CVE-2017-5852 [Infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject] RESERVED - - libpodofo <unfixed> (bug #854118) + - libpodofo <unfixed> (bug #854600) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp - NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469 + NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 CVE-2017-5849 [Out-of-Bound read and write issues in put1bitbwtile() and putgreytile()] RESERVED - netpbm-free <not-affected> (vulnerable code not present) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits