Mattia Rizzolo pushed to branch master at Debian Security Tracker / security-tracker
Commits: bb48db19 by Mattia Rizzolo at 2018-02-24T11:59:02+01:00 mark some libpodofo CVEs as fixed Signed-off-by: Mattia Rizzolo <mat...@debian.org> - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -5923,7 +5923,7 @@ CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer overflow in the ...) [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532381 CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the ...) - - libpodofo <unfixed> (low) + - libpodofo 0.9.5-9 (low) [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) [wheezy] - libpodofo <no-dsa> (Minor issue) @@ -5999,7 +5999,7 @@ CVE-2018-5296 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in th [wheezy] - libpodofo <no-dsa> (Minor issue) TODO: check, possibly not reported upstream only in Red Hat Bugzilla CVE-2018-5295 (In PoDoFo 0.9.5, there is an integer overflow in the ...) - - libpodofo <unfixed> (low; bug #889511) + - libpodofo 0.9.5-9 (low; bug #889511) [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) [wheezy] - libpodofo <no-dsa> (Minor issue) @@ -45959,7 +45959,7 @@ CVE-2017-8379 (Memory leak in the keyboard input event handlers support in QEMU [wheezy] - qemu-kvm <no-dsa> (Minor issue) NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=fa18f36a461984eae50ab957e47ec78dae3c14fc CVE-2017-8378 (Heap-based buffer overflow in the PdfParser::ReadObjects function in ...) - - libpodofo <unfixed> (bug #861597) + - libpodofo 0.9.5-9 (bug #861597) [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) [wheezy] - libpodofo <no-dsa> (Minor issue) @@ -46857,7 +46857,7 @@ CVE-2017-8056 (WatchGuard Fireware v11.12.1 and earlier mishandles requests refe CVE-2017-8055 (WatchGuard Fireware allows user enumeration, e.g., in the Firebox ...) NOT-FOR-US: WatchGuard CVE-2017-8054 (The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 ...) - - libpodofo <unfixed> (bug #860995) + - libpodofo 0.9.5-9 (bug #860995) [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) [wheezy] - libpodofo <no-dsa> (Minor issue) @@ -52456,7 +52456,7 @@ CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpac NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/7 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h/ CVE-2017-6845 (The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo ...) - - libpodofo <unfixed> (bug #861562) + - libpodofo 0.9.5-9 (bug #861562) [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) [wheezy] - libpodofo <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb48db19539844d9f4e381af6602bbc5c8daa5f5 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb48db19539844d9f4e381af6602bbc5c8daa5f5 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits