Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4b681c52 by Moritz Muehlenhoff at 2018-03-16T19:39:29+01:00
Resolve various xpdf TODOs

The code has diverged quite a bit and an older version of poppler correctly sanitises all the cases, so drop the TODO. It's not relevant to us anyway since we use xpdf based on poppler only.

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1304,42 +1304,42 @@ CVE-2018-8107 (The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows - xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 NOTE: src:xpdf switched to use system poppler libary in 3.02-3 - TODO: check, poppler + NOTE: Reproducer correctly detected as broken with jessie's poppler build CVE-2018-8106 (The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 ...) - xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 NOTE: src:xpdf switched to use system poppler libary in 3.02-3 - TODO: check, poppler + NOTE: Reproducer correctly detected as broken with jessie's poppler build CVE-2018-8105 (The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows ...) - xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 NOTE: src:xpdf switched to use system poppler libary in 3.02-3 - TODO: check, poppler + NOTE: Reproducer correctly detected as broken with jessie's poppler build CVE-2018-8104 (The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows ...) - xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 NOTE: src:xpdf switched to use system poppler libary in 3.02-3 - TODO: check, poppler + NOTE: Reproducer correctly detected as broken with jessie's poppler build CVE-2018-8103 (The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf ...) - xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 NOTE: src:xpdf switched to use system poppler libary in 3.02-3 - TODO: check, poppler + NOTE: Reproducer correctly detected as broken with jessie's poppler build CVE-2018-8102 (The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf ...) 
- xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 NOTE: src:xpdf switched to use system poppler libary in 3.02-3 - TODO: check, poppler + NOTE: Reproducer correctly detected as broken with jessie's poppler build CVE-2018-8101 (The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf ...) - xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 NOTE: src:xpdf switched to use system poppler libary in 3.02-3 - TODO: check, poppler + NOTE: Reproducer correctly detected as broken with jessie's poppler build CVE-2018-8100 (The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 ...) - xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 NOTE: src:xpdf switched to use system poppler libary in 3.02-3 - TODO: check, poppler + NOTE: Reproducer correctly detected as broken with jessie's poppler build CVE-2018-8099 (Incorrect returning of an error code in the index.c:read_entry() ...) - libgit2 <unfixed> (bug #892962) NOTE: https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe 
@@ -3159,20 +3159,22 @@ CVE-2018-7455 (An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc - xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 NOTE: src:xpdf switched to use system poppler libary in 3.02-3 - TODO: check, poppler + NOTE: Reproducer correctly detected as broken with jessie's poppler build CVE-2018-7454 (A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf ...) - xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 - TODO: check, poppler + NOTE: src:xpdf switched to use system poppler libary in 3.02-3 + NOTE: Reproducer correctly detected as broken with jessie's poppler build CVE-2018-7453 (Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 ...) - xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?p=814#p814 - TODO: check, poppler + NOTE: src:xpdf switched to use system poppler libary in 3.02-3 + NOTE: Reproducer correctly detected as broken with jessie's poppler build CVE-2018-7452 (A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in ...) - xpdf <unfixed> (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 NOTE: src:xpdf switched to use system poppler libary in 3.02-3 - TODO: check, poppler + NOTE: Reproducer correctly detected as broken with jessie's poppler build CVE-2018-7451 RESERVED CVE-2018-7450
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b681c52405870f51f0c441f6167f75b0042fb95
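Review bot: in the first hunk (@@ -1304, CVE-2018-8107 down to CVE-2018-8100), the added line "NOTE: Reproducer correctly detected as broken with jessie's poppler build" names neither the poppler version that was tested nor what "detected as broken" looked like (a clean parse error versus an abort). Every one of these entries stays at "- xpdf <unfixed> (unimportant)", so this NOTE is the only recorded justification a later triager has for the rating. Suggest adding the jessie poppler version and the tool the reproducer was run through, so the result can be rechecked if the poppler in a suite changes.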
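Review bot: in the second hunk (@@ -3159), the two newly added lines under CVE-2018-7454 and CVE-2018-7453, "+ NOTE: src:xpdf switched to use system poppler libary in 3.02-3", copy the "libary" misspelling from the existing context lines; suggest "library" in the new lines at least. These two entries are the only ones in the commit that concern XFAForm.cc and AcroForm.cc and that had no "switched to use system poppler" note before, yet they receive the same blanket "Reproducer correctly detected as broken" wording as the JPXStream entries. Since the commit message itself says the code has diverged, it would help to state in the NOTE that a reproducer was actually run for each of these two.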