Mattia Rizzolo pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bb48db19 by Mattia Rizzolo at 2018-02-24T11:59:02+01:00
mark some libpodofo CVEs as fixed
Signed-off-by: Mattia Rizzolo <mat...@debian.org>
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5923,7 +5923,7 @@ CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer
overflow in the ...)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532381
CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the
...)
- - libpodofo <unfixed> (low)
+ - libpodofo 0.9.5-9 (low)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -5999,7 +5999,7 @@ CVE-2018-5296 (In PoDoFo 0.9.5, there is an uncontrolled
memory allocation in th
[wheezy] - libpodofo <no-dsa> (Minor issue)
TODO: check, possibly not reported upstream only in Red Hat Bugzilla
CVE-2018-5295 (In PoDoFo 0.9.5, there is an integer overflow in the ...)
- - libpodofo <unfixed> (low; bug #889511)
+ - libpodofo 0.9.5-9 (low; bug #889511)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -45959,7 +45959,7 @@ CVE-2017-8379 (Memory leak in the keyboard input event
handlers support in QEMU
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
NOTE: Fixed by:
http://git.qemu.org/?p=qemu.git;a=commit;h=fa18f36a461984eae50ab957e47ec78dae3c14fc
CVE-2017-8378 (Heap-based buffer overflow in the PdfParser::ReadObjects
function in ...)
- - libpodofo <unfixed> (bug #861597)
+ - libpodofo 0.9.5-9 (bug #861597)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -46857,7 +46857,7 @@ CVE-2017-8056 (WatchGuard Fireware v11.12.1 and earlier
mishandles requests refe
CVE-2017-8055 (WatchGuard Fireware allows user enumeration, e.g., in the
Firebox ...)
NOT-FOR-US: WatchGuard
CVE-2017-8054 (The function PdfPagesTree::GetPageNodeFromArray in
PdfPageTree.cpp:464 ...)
- - libpodofo <unfixed> (bug #860995)
+ - libpodofo 0.9.5-9 (bug #860995)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -52456,7 +52456,7 @@ CVE-2017-6846 (The
GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpac
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/7
NOTE:
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h/
CVE-2017-6845 (The PoDoFo::PdfColor::operator function in PdfColor.cpp in
PoDoFo ...)
- - libpodofo <unfixed> (bug #861562)
+ - libpodofo 0.9.5-9 (bug #861562)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb48db19539844d9f4e381af6602bbc5c8daa5f5
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb48db19539844d9f4e381af6602bbc5c8daa5f5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
