Author: mattia Date: 2017-04-07 19:03:31 +0000 (Fri, 07 Apr 2017) New Revision: 50445
Modified: data/CVE/list Log: Add 3 upstream commits for libpodofo issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-04-07 18:51:07 UTC (rev 50444) +++ data/CVE/list 2017-04-07 19:03:31 UTC (rev 50445) @@ -4832,6 +4832,7 @@ [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/1623824.EtgW9yDooZ%40blackgate/#msg35644693 + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1837 CVE-2017-5877 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack ...) NOT-FOR-US: dotCMS CVE-2017-5876 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack ...) @@ -5378,6 +5379,7 @@ [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1836 CVE-2017-5853 (Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote ...) - libpodofo <unfixed> (bug #854601) [jessie] - libpodofo <no-dsa> (Minor issue) @@ -5391,6 +5393,7 @@ [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1835 CVE-2017-5849 (tiffttopnm in netpbm 10.47.63 does not properly use the libtiff ...) - netpbm-free <not-affected> (vulnerable code not present) NOTE: http://www.openwall.com/lists/oss-security/2017/02/02/2 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits