[Secure-testing-commits] r50961 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Apr 23 11:26:34 UTC 2017


Author: carnil
Date: 2017-04-23 11:26:34 +0000 (Sun, 23 Apr 2017)
New Revision: 50961

Modified:
   data/CVE/list
Log:
Add two new libpodofo issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-23 11:26:09 UTC (rev 50960)
+++ data/CVE/list	2017-04-23 11:26:34 UTC (rev 50961)
@@ -69,9 +69,12 @@
 CVE-2017-8055 (WatchGuard Fireware allows user enumeration, e.g., in the Firebox ...)
 	NOT-FOR-US: WatchGuard
 CVE-2017-8054 (The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 ...)
-	TODO: check
+	- libpodofo <unfixed>
+	NOTE: http://qwertwwwe.github.io/2017/04/22/PoDoFo-0-9-5-allows-remote-attackers-to-cause-a-denial-of-service-infinit-loop/
+	NOTE: PoC: https://github.com/qwertwwwe/PoC/blob/master/podofo/PoC
 CVE-2017-8053 (PoDoFo 0.9.5 allows denial of service (infinite recursion and stack ...)
-	TODO: check
+	- libpodofo <unfixed>
+	NOTE: http://openwall.com/lists/oss-security/2017/04/22/1
 CVE-2017-8052 (Craft CMS before 2.6.2974 allows XSS attacks. ...)
 	NOT-FOR-US: Craft CMS
 CVE-2017-8051 (Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a ...)
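Review bot: Both added "- libpodofo <unfixed>" lines (under CVE-2017-8054 and CVE-2017-8053) carry no bug reference, so neither entry points at a report where the fix can be followed; consider appending "(bug #NNNNNN)" to each once a report is filed against the package. In the CVE-2017-8054 entry, the PoC NOTE links to a path under blob/master, which can move or disappear as that repository changes; a link pinned to a specific commit would keep the reference stable. The CVE-2017-8053 entry has only the oss-security NOTE, so a reader gets no upstream or reproducer pointer there comparable to the one given for CVE-2017-8054.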



