[Secure-testing-commits] r54771 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Aug 15 19:11:51 UTC 2017
Author: carnil
Date: 2017-08-15 19:11:51 +0000 (Tue, 15 Aug 2017)
New Revision: 54771
Modified:
data/CVE/list
Log:
Revert "poppler fixed in experimental/NEW" and tag it for experimental
This reverts commit 5a469309c1e4ffdd8255b485402054fee0f59d84.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-15 16:55:56 UTC (rev 54770)
+++ data/CVE/list 2017-08-15 19:11:51 UTC (rev 54771)
@@ -6260,7 +6260,8 @@
CVE-2017-9866
RESERVED
CVE-2017-9865 (The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 ...)
- - poppler 0.57.0-1 (bug #867477)
+ [experimental] - poppler 0.57.0-1
+ - poppler <unfixed> (bug #867477)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100774
NOTE: http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html
NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=75fff6556eaf0ef3a6fcdef2c2229d0b6d1c58d9
@@ -7847,11 +7848,13 @@
CVE-2017-9777
RESERVED
CVE-2017-9776 (Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in ...)
- - poppler 0.57.0-1 (bug #865679)
+ [experimental] - poppler 0.57.0-1
+ - poppler <unfixed> (bug #865679)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101541
NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc
CVE-2017-9775 (Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before ...)
- - poppler 0.57.0-1 (bug #865680)
+ [experimental] - poppler 0.57.0-1
+ - poppler <unfixed> (bug #865680)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101540
NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=8f4ff8243a3d599ff2a6c08b1da389e606ba4fc9
CVE-2017-9774 (Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a ...)
@@ -9029,7 +9032,8 @@
[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
NOTE: https://github.com/ImageMagick/ImageMagick/issues/458
CVE-2017-9408 (In Poppler 0.54.0, a memory leak vulnerability was found in the ...)
- - poppler 0.57.0-1 (low; bug #864009)
+ [experimental] - poppler 0.57.0-1
+ - poppler <unfixed> (low; bug #864009)
[stretch] - poppler <no-dsa> (Minor issue)
[jessie] - poppler <no-dsa> (Minor issue)
[wheezy] - poppler <no-dsa> (Minor issue)
@@ -9041,7 +9045,8 @@
[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
NOTE: https://github.com/ImageMagick/ImageMagick/issues/459
CVE-2017-9406 (In Poppler 0.54.0, a memory leak vulnerability was found in the ...)
- - poppler 0.57.0-1 (low; bug #864010)
+ [experimental] - poppler 0.57.0-1
+ - poppler <unfixed> (low; bug #864010)
[stretch] - poppler <no-dsa> (Minor issue)
[jessie] - poppler <no-dsa> (Minor issue)
[wheezy] - poppler <no-dsa> (Minor issue)
@@ -14911,7 +14916,8 @@
CVE-2017-7516
RESERVED
CVE-2017-7515 (poppler through version 0.55.0 is vulnerable to an uncontrolled ...)
- - poppler 0.57.0-1 (unimportant)
+ [experimental] - poppler 0.57.0-1
+ - poppler <unfixed> (unimportant)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101208
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=771c82623e8e1e0c92b8ca6f7c2b8a81ccbb60d3
NOTE: Crash in CLI tool, no security implications
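Review bot: the cgit commit NOTE in the trailing context of the CVE-2017-7515 entry has no "Fixed by:" prefix, unlike the commit NOTEs on the other poppler entries in this patch (CVE-2017-9865, CVE-2017-9776, CVE-2017-9775, CVE-2017-7511). Since the entry is being touched anyway, and if that commit is the upstream fix, consider prefixing it with "Fixed by:" so it can be told apart from a plain reference when checking whether the 0.57.0-1 upload in experimental carries it.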
@@ -14924,7 +14930,8 @@
CVE-2017-7512 (Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before ...)
NOT-FOR-US: Red Hat 3scale
CVE-2017-7511 (poppler since version 0.17.3 has been vulnerable to NULL pointer ...)
- - poppler 0.57.0-1 (unimportant; bug #863759)
+ [experimental] - poppler 0.57.0-1
+ - poppler <unfixed> (unimportant; bug #863759)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101149
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101153
NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a
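Review bot: the "unimportant" tag carried onto the new "- poppler <unfixed>" line for CVE-2017-7511 has no stated reason in the NOTE lines shown in this hunk, whereas the CVE-2017-7515 entry pairs the same tag with "NOTE: Crash in CLI tool, no security implications". With the unstable entry back to <unfixed>, a one-line NOTE giving the reason for the classification would let readers judge the open entry without following the upstream bug links.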