[Secure-testing-commits] r51694 - data/CVE

Mattia Rizzolo Wed, 17 May 2017 06:06:14 -0700

Author: mattia
Date: 2017-05-17 13:05:40 +0000 (Wed, 17 May 2017)
New Revision: 51694


Modified:
   data/CVE/list
Log:
mark fixed versions in some libpodofo CVEs

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-17 11:08:37 UTC (rev 51693)
+++ data/CVE/list       2017-05-17 13:05:40 UTC (rev 51694)
@@ -4375,7 +4375,7 @@
 CVE-2017-7384
        RESERVED
 CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows 
remote ...)
-       - libpodofo <unfixed> (bug #859329)
+       - libpodofo 0.9.4-6 (bug #859329)
        [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: The motivation for no-dsa in wheezy is that there are no known
        NOTE: services that use this library (apart from desktop applications)
@@ -4384,7 +4384,7 @@
        NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4
        NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
 CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows 
remote ...)
-       - libpodofo <unfixed> (bug #859329)
+       - libpodofo 0.9.4-6 (bug #859329)
        [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: The motivation for no-dsa in wheezy is that there are no known
        NOTE: services that use this library (apart from desktop applications)
@@ -4393,7 +4393,7 @@
        NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3
        NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
 CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote 
attackers ...)
-       - libpodofo <unfixed> (bug #859329)
+       - libpodofo 0.9.4-6 (bug #859329)
        [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: The motivation for no-dsa in wheezy is that there are no known
        NOTE: services that use this library (apart from desktop applications)
@@ -4402,7 +4402,7 @@
        NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2
        NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
 CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote 
attackers ...)
-       - libpodofo <unfixed> (bug #859329)
+       - libpodofo 0.9.4-6 (bug #859329)
        [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: The motivation for no-dsa in wheezy is that there are no known
        NOTE: services that use this library (apart from desktop applications)
@@ -4416,7 +4416,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/2
        NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1842/
 CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp 
in PoDoFo ...)
-       - libpodofo <unfixed> (bug #859330)
+       - libpodofo 0.9.4-6 (bug #859330)
        [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: The motivation for no-dsa in wheezy is that there are no known
        NOTE: services that use this library (apart from desktop applications)
@@ -7121,7 +7121,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/10
        NOTE: 
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp
 CVE-2017-6848 (The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp 
in ...)
-       - libpodofo <unfixed> (bug #861565)
+       - libpodofo 0.9.4-6 (bug #861565)
        [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: The motivation for no-dsa in wheezy is that there are no known
        NOTE: services that use this library (apart from desktop applications)
@@ -7130,7 +7130,7 @@
        NOTE: 
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp
        NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
 CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in 
PoDoFo ...)
-       - libpodofo <unfixed> (bug #861564)
+       - libpodofo 0.9.4-6 (bug #861564)
        [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: The motivation for no-dsa in wheezy is that there are no known
        NOTE: services that use this library (apart from desktop applications)
@@ -7161,13 +7161,13 @@
        NOTE: 
https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
        NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/
 CVE-2017-6843 (Heap-based buffer overflow in the 
PoDoFo::PdfVariant::DelayedLoad ...)
-       - libpodofo <unfixed> (bug #861560)
+       - libpodofo 0.9.4-6 (bug #861560)
        NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/4
        NOTE: 
https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h
        NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
        NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
 CVE-2017-6842 (The ColorChanger::GetColorFromStack function in 
colorchanger.cpp in ...)
-       - libpodofo <unfixed> (bug #861559)
+       - libpodofo 0.9.4-6 (bug #861559)
        [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: The motivation for no-dsa in wheezy is that there are no known
        NOTE: services that use this library (apart from desktop applications)
@@ -7185,7 +7185,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/2
        NOTE: 
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h
 CVE-2017-6840 (The ColorChanger::GetColorFromStack function in 
colorchanger.cpp in ...)
-       - libpodofo <unfixed> (bug #861557)
+       - libpodofo 0.9.4-6 (bug #861557)
        [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: The motivation for no-dsa in wheezy is that there are no known
        NOTE: services that use this library (apart from desktop applications)
@@ -9443,7 +9443,7 @@
        NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/
        NOTE: https://sourceforge.net/p/podofo/code/1672
 CVE-2017-5855 (The PoDoFo::PdfParser::ReadXRefSubsection function in 
PdfParser.cpp in ...)
-       - libpodofo <unfixed> (bug #854603)
+       - libpodofo 0.9.4-6 (bug #854603)
        [jessie] - libpodofo <no-dsa> (Minor issue)
        [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: 
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r51694 - data/CVE

Reply via email to