[Secure-testing-commits] r50445 - data/CVE

Fri Apr 7 19:03:32 UTC 2017

Author: mattia
Date: 2017-04-07 19:03:31 +0000 (Fri, 07 Apr 2017)
New Revision: 50445

Modified:
   data/CVE/list
Log:
Add 3 upstream commits for libpodofo issues

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-04-07 18:51:07 UTC (rev 50444)
+++ data/CVE/list	2017-04-07 19:03:31 UTC (rev 50445)
@@ -4832,6 +4832,7 @@
 	[jessie] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp
 	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/1623824.EtgW9yDooZ%40blackgate/#msg35644693
+	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1837
 CVE-2017-5877 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack ...)
 	NOT-FOR-US: dotCMS
 CVE-2017-5876 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack ...)
@@ -5378,6 +5379,7 @@
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp
 	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
+	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1836
 CVE-2017-5853 (Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote ...)
 	- libpodofo <unfixed> (bug #854601)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
@@ -5391,6 +5393,7 @@
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp
 	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
+	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1835
 CVE-2017-5849 (tiffttopnm in netpbm 10.47.63 does not properly use the libtiff ...)
 	- netpbm-free <not-affected> (vulnerable code not present)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/02/2


