[Secure-testing-commits] r50962 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Apr 23 11:34:19 UTC 2017
Author: carnil
Date: 2017-04-23 11:34:18 +0000 (Sun, 23 Apr 2017)
New Revision: 50962
Modified:
data/CVE/list
Log:
Add bug references for libpodofo issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-23 11:26:34 UTC (rev 50961)
+++ data/CVE/list 2017-04-23 11:34:18 UTC (rev 50962)
@@ -69,11 +69,11 @@
CVE-2017-8055 (WatchGuard Fireware allows user enumeration, e.g., in the Firebox ...)
NOT-FOR-US: WatchGuard
CVE-2017-8054 (The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 ...)
- - libpodofo <unfixed>
+ - libpodofo <unfixed> (bug #860995)
NOTE: http://qwertwwwe.github.io/2017/04/22/PoDoFo-0-9-5-allows-remote-attackers-to-cause-a-denial-of-service-infinit-loop/
NOTE: PoC: https://github.com/qwertwwwe/PoC/blob/master/podofo/PoC
CVE-2017-8053 (PoDoFo 0.9.5 allows denial of service (infinite recursion and stack ...)
- - libpodofo <unfixed>
+ - libpodofo <unfixed> (bug #860994)
NOTE: http://openwall.com/lists/oss-security/2017/04/22/1
CVE-2017-8052 (Craft CMS before 2.6.2974 allows XSS attacks. ...)
NOT-FOR-US: Craft CMS
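Review bot: The two added bug numbers run in the opposite order to the CVE ids (CVE-2017-8054 gets bug #860995, CVE-2017-8053 gets bug #860994). Both entries are libpodofo denial-of-service issues and the numbers differ by one, so they are easy to swap. Please confirm that #860995 is the report for the PdfPagesTree::GetPageNodeFromArray issue and #860994 is the one for the infinite recursion. The log message could also name the two CVE ids, since "libpodofo issues" alone does not say which entries were touched.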