[Secure-testing-commits] r58365 - data/CVE

Mattia Rizzolo Fri, 08 Dec 2017 08:36:29 -0800

Author: mattia
Date: 2017-12-08 16:36:08 +0000 (Fri, 08 Dec 2017)
New Revision: 58365


Modified:
   data/CVE/list
Log:
link upstream commit for libpodofo/CVE-2017-8378

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-08 16:08:51 UTC (rev 58364)
+++ data/CVE/list       2017-12-08 16:36:08 UTC (rev 58365)
@@ -29189,8 +29189,8 @@
        [stretch] - libpodofo <no-dsa> (Minor issue)
        [jessie] - libpodofo <no-dsa> (Minor issue)
        [wheezy] - libpodofo <no-dsa> (Minor issue)
-       NOTE: 
https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects
-       NOTE: Proposed patch (for wheezy) attached to bug #861597.
+       NOTE: PoC: 
https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects
+       NOTE: Upstream commit: https://sourceforge.net/p/podofo/code/1833/
 CVE-2017-8377 (GeniXCMS 1.0.2 has SQL Injection in ...)
        NOT-FOR-US: GeniXCMS
 CVE-2017-8376 (GeniXCMS 1.0.2 has XSS triggered by an authenticated comment 
that is ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58365 - data/CVE

Reply via email to