Author: jmm
Date: 2017-02-15 18:47:05 +0000 (Wed, 15 Feb 2017)
New Revision: 48967
Modified:
data/CVE/list
Log:
gst-plugins-bad0.10, podofo no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-15 18:45:43 UTC (rev 48966)
+++ data/CVE/list 2017-02-15 18:47:05 UTC (rev 48967)
@@ -797,6 +797,7 @@
CVE-2017-5848 (The gst_ps_demux_parse_psm function in
gst/mpegdemux/gstmpegdemux.c in ...)
- gst-plugins-bad1.0 <unfixed> (low)
- gst-plugins-bad0.10 <unfixed> (low)
+ [jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777957
NOTE: Patch: https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3
@@ -824,6 +825,7 @@
CVE-2017-5843 (Multiple use-after-free vulnerabilities in the (1) ...)
- gst-plugins-bad1.0 1.10.3-1
- gst-plugins-bad0.10 <unfixed> (low)
+ [jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777503
CVE-2017-5842 (The html_context_handle_element function in
gst/subparse/samiparse.c ...)
@@ -922,32 +924,38 @@
NOT-FOR-US: festivaltts4r
CVE-2017-XXXX [podofo: NULL pointer dereference in PdfInfo::GuessFormat
(pdfinfo.cpp)]
- libpodofo <unfixed> (bug #854605)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
NOTE:
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfinfoguessformat-pdfinfo-cpp/
NOTE:
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2017/02/02/21
CVE-2015-8981 [Heap overflow in the function ReadXRefSubsection]
RESERVED
- libpodofo 0.9.4-1 (bug #854599)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/
NOTE: https://sourceforge.net/p/podofo/code/1672
CVE-2017-5855 [NULL pointer dereference in
PoDoFo::PdfParser::ReadXRefSubsection]
RESERVED
- libpodofo <unfixed> (bug #854603)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
NOTE:
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
NOTE:
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
CVE-2017-5854 [NULL pointer dereference in PdfOutputStream.cpp]
RESERVED
- libpodofo <unfixed> (bug #854602)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
NOTE:
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp
NOTE:
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
CVE-2017-5853 [Signed integer overflow in PdfParser.cpp]
RESERVED
- libpodofo <unfixed> (bug #854601)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
NOTE:
https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp
NOTE:
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
CVE-2017-5852 [Infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject]
RESERVED
- libpodofo <unfixed> (bug #854600)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
NOTE:
https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp
NOTE:
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
CVE-2017-5849 [Out-of-Bound read and write issues in put1bitbwtile() and
putgreytile()]
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
