<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/97f00ff4d6290c2fbf468816d32f61f076285873">97f00ff4</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2019-09-17T20:28:29Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reference working commits for CVE-2017-9776

Previously

https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc

was referenced but is now invalid commit for the cgit faced instance.

The change is covered by the two commits

https://gitlab.freedesktop.org/poppler/poppler/commit/55db66c69fd56826b8523710046deab1a8d14ba2

https://gitlab.freedesktop.org/poppler/poppler/commit/22c4701d5f7be0010ee4519daa546fba5ab7ac13

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/be777d8ae85bd09fd44e6d44386e800edff1ecf3">be777d8a</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2019-09-17T20:28:30Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update status for jessie and stretch for CVE-2019-14288 and CVE-2019-14289

Both might be considered duplicates for CVE-2017-9776 or really meant to

be associated only for src:xpdf (in later case then the source package

xpdf just marked affected but unimportant as the poppler library is

used from the system).

For now, until clarfied what to do with CVE-2019-14288 and

CVE-2019-14289 track the fix for src:poppler for every suite which had

the fix.

Note for stretch we mark it with the version from DSA-4079-2 as the

patch in DSA-4079-1 was broken and required a followup update.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/compare/e762bffbed045b18a61a5f35be4dc0c8bab6a438...be777d8ae85bd09fd44e6d44386e800edff1ecf3#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/compare/e762bffbed045b18a61a5f35be4dc0c8bab6a438...be777d8ae85bd09fd44e6d44386e800edff1ecf3">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

</p>

</div>

</body>

</html>