[Secure-testing-commits] r57576 - data/CVE

Mattia Rizzolo Sun, 12 Nov 2017 06:59:15 -0800

Author: mattia
Date: 2017-11-12 14:58:27 +0000 (Sun, 12 Nov 2017)
New Revision: 57576


Modified:
   data/CVE/list
Log:
update libpodofo CVE info

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-12 13:23:45 UTC (rev 57575)
+++ data/CVE/list       2017-11-12 14:58:27 UTC (rev 57576)
@@ -23140,12 +23140,12 @@
 CVE-2017-8788 (An issue was discovered on Accellion FTA devices before 
FTA_9_12_180. ...)
        NOT-FOR-US: Accellion FTA devices
 CVE-2017-8787 (The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry 
function in ...)
-       - libpodofo <unfixed> (bug #861738)
+       - libpodofo 0.9.5-7 (bug #861738)
        [stretch] - libpodofo <no-dsa> (Minor issue)
        [jessie] - libpodofo <no-dsa> (Minor issue)
        [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: Possible unspecified impact. Needs further analysis.
-       NOTE: Proposed patch (for wheezy) attached to bug #861738.
+       NOTE: Upstream commit: https://sourceforge.net/p/podofo/code/1851
 CVE-2017-8786 (pcre2test.c in PCRE2 10.23 allows remote attackers to cause a 
denial of ...)
        - pcre2 <unfixed> (unimportant; bug #861873)
        NOTE: https://bugs.exim.org/show_bug.cgi?id=2079
@@ -25129,7 +25129,7 @@
        - xen 4.3.0-1
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1033948
 CVE-2017-7994 (The function TextExtractor::ExtractText in TextExtractor.cpp:77 
in ...)
-       - libpodofo <unfixed> (bug #860930)
+       - libpodofo 0.9.5-7 (bug #860930)
        [stretch] - libpodofo <no-dsa> (Minor issue)
        [jessie] - libpodofo <no-dsa> (Minor issue)
        [wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -32883,7 +32883,7 @@
        NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/
 CVE-2017-5852 (The PoDoFo::PdfPage::GetInheritedKeyFromObject function in ...)
        {DLA-929-1}
-       - libpodofo <unfixed> (low; bug #854600)
+       - libpodofo 0.9.5-7 (low; bug #854600)
        [stretch] - libpodofo <no-dsa> (Minor issue)
        [jessie] - libpodofo <no-dsa> (Minor issue)
        NOTE: 
https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp
@@ -32891,6 +32891,7 @@
        NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1835
        NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1838
        NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1841
+       NOTE: further patch for ABI compatibility: 
https://sourceforge.net/p/podofo/mailman/message/36084628/
 CVE-2017-5849 (tiffttopnm in netpbm 10.47.63 does not properly use the libtiff 
...)
        - netpbm-free <not-affected> (vulnerable code not present)
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/02/2


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57576 - data/CVE

Reply via email to