[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new xpdf issues potentially affecting poppler

Moritz Muehlenhoff Wed, 14 Mar 2018 15:30:32 -0700

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
af9b5d8f by Moritz Muehlenhoff at 2018-03-14T23:29:31+01:00
new xpdf issues potentially affecting poppler
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1224,29 +1224,53 @@ CVE-2018-1000132 (Mercurial version 4.5 and earlier 
contains a Incorrect Access 
 CVE-2018-1000131 (Pradeep Makone wordpress Support Plus Responsive Ticket 
System version ...)
        NOT-FOR-US: Pradeep Makone wordpress Support Plus Responsive Ticket 
System
 CVE-2018-1000130 (A JNDI Injection vulnerability exists in Jolokia agent 
version 1.3.7 ...)
-       TODO: check
+       NOT-FOR-US: Jolokia
 CVE-2018-1000129 (An XSS vulnerability exists in the Jolokia agent version 
1.3.7 in the ...)
-       TODO: check
+       NOT-FOR-US: Jolokia
 CVE-2018-8109
        RESERVED
 CVE-2018-8108 (The select component in bui through 2018-03-13 has XSS because 
it ...)
-       TODO: check
+       NOT-FOR-US: bui
 CVE-2018-8107 (The JPXStream::close function in JPXStream.cc in xpdf 4.00 
allows ...)
-       TODO: check
+       - xpdf <unfixed> (unimportant)
+       NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
+       NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+       TODO: check, poppler
 CVE-2018-8106 (The JPXStream::readTilePartData function in JPXStream.cc in 
xpdf 4.00 ...)
-       TODO: check
+       - xpdf <unfixed> (unimportant)
+       NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
+       NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+       TODO: check, poppler
 CVE-2018-8105 (The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 
4.00 allows ...)
-       TODO: check
+       - xpdf <unfixed> (unimportant)
+       NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
+       NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+       TODO: check, poppler
 CVE-2018-8104 (The BufStream::lookChar function in Stream.cc in xpdf 4.00 
allows ...)
-       TODO: check
+       - xpdf <unfixed> (unimportant)
+       NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
+       NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+       TODO: check, poppler
 CVE-2018-8103 (The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc 
in xpdf ...)
-       TODO: check
+       - xpdf <unfixed> (unimportant)
+       NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
+       NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+       TODO: check, poppler
 CVE-2018-8102 (The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in 
xpdf ...)
-       TODO: check
+       - xpdf <unfixed> (unimportant)
+       NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
+       NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+       TODO: check, poppler
 CVE-2018-8101 (The JPXStream::inverseTransformLevel function in JPXStream.cc 
in xpdf ...)
-       TODO: check
+       - xpdf <unfixed> (unimportant)
+       NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
+       NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+       TODO: check, poppler
 CVE-2018-8100 (The JPXStream::readTilePart function in JPXStream.cc in xpdf 
4.00 ...)
-       TODO: check
+       - xpdf <unfixed> (unimportant)
+       NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
+       NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+       TODO: check, poppler
 CVE-2018-8099 (Incorrect returning of an error code in the 
index.c:read_entry() ...)
        - libgit2 <unfixed> (bug #892962)
        NOTE: 
https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe
@@ -1257,7 +1281,7 @@ CVE-2018-8098 (Integer overflow in the 
index.c:read_entry() function while ...)
 CVE-2018-8097 (io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows 
remote ...)
        NOT-FOR-US: pyeve
 CVE-2018-8096 (Datalust Seq before 4.2.605 is vulnerable to Authentication 
Bypass ...)
-       TODO: check
+       NOT-FOR-US: Datalust Seq
 CVE-2018-8095
        RESERVED
 CVE-2018-1000128
@@ -1271,9 +1295,9 @@ CVE-2018-1000126 (Ajenti version 2 contains an 
Information Disclosure vulnerabil
 CVE-2018-1000125 (inversoft prime-jwt version prior to version 1.3.0 or prior 
to commit ...)
        NOT-FOR-US: inversoft prime-jwt
 CVE-2018-1000124 (I Librarian I-librarian version 4.8 and earlier contains a 
XML ...)
-       TODO: check
+       NOT-FOR-US: I Librarian I-librarian
 CVE-2018-1000123 (Ionic Team Cordova plugin iOS Keychain version before commit 
...)
-       TODO: check
+       NOT-FOR-US: Ionic Team Cordova plugin iOS Keychain
 CVE-2017-18231 (An issue was discovered in GraphicsMagick 1.3.26. A NULL 
pointer ...)
        - graphicsmagick 1.3.27-1
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b
@@ -1412,7 +1436,7 @@ CVE-2018-8047
 CVE-2018-8046
        RESERVED
 CVE-2018-8045 (In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a 
variable ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2018-8044
        RESERVED
 CVE-2017-18223 (BMC Remedy AR System before 9.1 SP3, when Remedy AR 
Authentication is ...)
@@ -2241,19 +2265,19 @@ CVE-2018-7709
 CVE-2018-7708
        RESERVED
 CVE-2018-7707 (Cross-site scripting (XSS) vulnerability in SecurEnvoy 
SecurMail ...)
-       TODO: check
+       NOT-FOR-US: SecurEnvoy SecurMail
 CVE-2018-7706 (Directory traversal vulnerability in SecurEnvoy SecurMail 
before ...)
-       TODO: check
+       NOT-FOR-US: SecurEnvoy SecurMail
 CVE-2018-7705 (Directory traversal vulnerability in SecurEnvoy SecurMail 
before ...)
-       TODO: check
+       NOT-FOR-US: SecurEnvoy SecurMail
 CVE-2018-7704 (SecurEnvoy SecurMail before 9.2.501 allows remote authenticated 
users ...)
-       TODO: check
+       NOT-FOR-US: SecurEnvoy SecurMail
 CVE-2018-7703 (Cross-site scripting (XSS) vulnerability in SecurEnvoy 
SecurMail ...)
-       TODO: check
+       NOT-FOR-US: SecurEnvoy SecurMail
 CVE-2018-7702 (SecurEnvoy SecurMail before 9.2.501 allows remote attackers to 
spoof ...)
-       TODO: check
+       NOT-FOR-US: SecurEnvoy SecurMail
 CVE-2018-7701 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
-       TODO: check
+       NOT-FOR-US: SecurEnvoy SecurMail
 CVE-2017-18220 (The ReadOneJNGImage and ReadJNGImage functions in coders/png.c 
in ...)
        - graphicsmagick 1.3.26-8
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/af9b5d8f8d0abfa3c2b61b1b55efb7ef705ee082

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/af9b5d8f8d0abfa3c2b61b1b55efb7ef705ee082
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new xpdf issues potentially affecting poppler

Reply via email to