Author: mattia Date: 2017-12-08 16:36:08 +0000 (Fri, 08 Dec 2017) New Revision: 58365
Modified: data/CVE/list Log: link upstream commit for libpodofo/CVE-2017-8378 Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-08 16:08:51 UTC (rev 58364) +++ data/CVE/list 2017-12-08 16:36:08 UTC (rev 58365) @@ -29189,8 +29189,8 @@ [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) [wheezy] - libpodofo <no-dsa> (Minor issue) - NOTE: https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects - NOTE: Proposed patch (for wheezy) attached to bug #861597. + NOTE: PoC: https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects + NOTE: Upstream commit: https://sourceforge.net/p/podofo/code/1833/ CVE-2017-8377 (GeniXCMS 1.0.2 has SQL Injection in ...) NOT-FOR-US: GeniXCMS CVE-2017-8376 (GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits