[Secure-testing-commits] r51185 - data/CVE

Markus Koschany apo at moszumanska.debian.org
Sat Apr 29 16:31:07 UTC 2017 

Author: apo
Date: 2017-04-29 16:31:07 +0000 (Sat, 29 Apr 2017)
New Revision: 51185

Modified:
   data/CVE/list
Log:
Remove no-dsa for some libpodofo issues in Wheezy

Will be fixed with an upcoming DLA


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-29 15:36:06 UTC (rev 51184)
+++ data/CVE/list	2017-04-29 16:31:07 UTC (rev 51185)
@@ -7512,7 +7512,6 @@
 CVE-2015-8981 (Heap-based buffer overflow in the PdfParser::ReadXRefSubsection ...)
 	- libpodofo 0.9.4-1 (bug #854599)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/
 	NOTE: https://sourceforge.net/p/podofo/code/1672
 CVE-2017-5855 (The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in ...)
@@ -7524,14 +7523,12 @@
 CVE-2017-5854 (base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to ...)
 	- libpodofo <unfixed> (bug #854602)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp
 	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
 	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1836
 CVE-2017-5853 (Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote ...)
 	- libpodofo <unfixed> (bug #854601)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp
 	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
 	NOTE: Proposed fix: https://sourceforge.net/p/podofo/mailman/message/35692197/
@@ -7539,7 +7536,6 @@
 CVE-2017-5852 (The PoDoFo::PdfPage::GetInheritedKeyFromObject function in ...)
 	- libpodofo <unfixed> (bug #854600)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp
 	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
 	NOTE: upstream commits: https://sourceforge.net/p/podofo/code/1835 - https://sourceforge.net/p/podofo/code/1838 - https://sourceforge.net/p/podofo/code/1841/

More information about the Secure-testing-commits mailing list