Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4b681c52 by Moritz Muehlenhoff at 2018-03-16T19:39:29+01:00
Resolve various xpdf TODOs
The code has diverged quite a bit and an older version of poppler
correctly sanitises all the cases, so drop the TODO. It's not
relevant to us anyway since we use xpdf based on poppler only.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1304,42 +1304,42 @@ CVE-2018-8107 (The JPXStream::close function in
JPXStream.cc in xpdf 4.00 allows
- xpdf <unfixed> (unimportant)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
NOTE: src:xpdf switched to use system poppler libary in 3.02-3
- TODO: check, poppler
+ NOTE: Reproducer correctly detected as broken with jessie's poppler
build
CVE-2018-8106 (The JPXStream::readTilePartData function in JPXStream.cc in
xpdf 4.00 ...)
- xpdf <unfixed> (unimportant)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
NOTE: src:xpdf switched to use system poppler libary in 3.02-3
- TODO: check, poppler
+ NOTE: Reproducer correctly detected as broken with jessie's poppler
build
CVE-2018-8105 (The JPXStream::fillReadBuf function in JPXStream.cc in xpdf
4.00 allows ...)
- xpdf <unfixed> (unimportant)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
NOTE: src:xpdf switched to use system poppler libary in 3.02-3
- TODO: check, poppler
+ NOTE: Reproducer correctly detected as broken with jessie's poppler
build
CVE-2018-8104 (The BufStream::lookChar function in Stream.cc in xpdf 4.00
allows ...)
- xpdf <unfixed> (unimportant)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
NOTE: src:xpdf switched to use system poppler libary in 3.02-3
- TODO: check, poppler
+ NOTE: Reproducer correctly detected as broken with jessie's poppler
build
CVE-2018-8103 (The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc
in xpdf ...)
- xpdf <unfixed> (unimportant)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
NOTE: src:xpdf switched to use system poppler libary in 3.02-3
- TODO: check, poppler
+ NOTE: Reproducer correctly detected as broken with jessie's poppler
build
CVE-2018-8102 (The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in
xpdf ...)
- xpdf <unfixed> (unimportant)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
NOTE: src:xpdf switched to use system poppler libary in 3.02-3
- TODO: check, poppler
+ NOTE: Reproducer correctly detected as broken with jessie's poppler
build
CVE-2018-8101 (The JPXStream::inverseTransformLevel function in JPXStream.cc
in xpdf ...)
- xpdf <unfixed> (unimportant)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
NOTE: src:xpdf switched to use system poppler libary in 3.02-3
- TODO: check, poppler
+ NOTE: Reproducer correctly detected as broken with jessie's poppler
build
CVE-2018-8100 (The JPXStream::readTilePart function in JPXStream.cc in xpdf
4.00 ...)
- xpdf <unfixed> (unimportant)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
NOTE: src:xpdf switched to use system poppler libary in 3.02-3
- TODO: check, poppler
+ NOTE: Reproducer correctly detected as broken with jessie's poppler
build
CVE-2018-8099 (Incorrect returning of an error code in the
index.c:read_entry() ...)
- libgit2 <unfixed> (bug #892962)
NOTE:
https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe
@@ -3159,20 +3159,22 @@ CVE-2018-7455 (An out-of-bounds read in
JPXStream::readTilePart in JPXStream.cc
- xpdf <unfixed> (unimportant)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
NOTE: src:xpdf switched to use system poppler libary in 3.02-3
- TODO: check, poppler
+ NOTE: Reproducer correctly detected as broken with jessie's poppler
build
CVE-2018-7454 (A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc
in xpdf ...)
- xpdf <unfixed> (unimportant)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
- TODO: check, poppler
+ NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+ NOTE: Reproducer correctly detected as broken with jessie's poppler
build
CVE-2018-7453 (Infinite recursion in AcroForm::scanField in AcroForm.cc in
xpdf 4.00 ...)
- xpdf <unfixed> (unimportant)
NOTE: https://forum.xpdfreader.com/viewtopic.php?p=814#p814
- TODO: check, poppler
+ NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+ NOTE: Reproducer correctly detected as broken with jessie's poppler
build
CVE-2018-7452 (A NULL pointer dereference in JPXStream::fillReadBuf in
JPXStream.cc in ...)
- xpdf <unfixed> (unimportant)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
NOTE: src:xpdf switched to use system poppler libary in 3.02-3
- TODO: check, poppler
+ NOTE: Reproducer correctly detected as broken with jessie's poppler
build
CVE-2018-7451
RESERVED
CVE-2018-7450
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b681c52405870f51f0c441f6167f75b0042fb95
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b681c52405870f51f0c441f6167f75b0042fb95
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
