[Secure-testing-commits] r58365 - data/CVE
Mattia Rizzolo
mattia at moszumanska.debian.org
Fri Dec 8 16:36:08 UTC 2017
Author: mattia
Date: 2017-12-08 16:36:08 +0000 (Fri, 08 Dec 2017)
New Revision: 58365
Modified:
data/CVE/list
Log:
link upstream commit for libpodofo/CVE-2017-8378
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-08 16:08:51 UTC (rev 58364)
+++ data/CVE/list 2017-12-08 16:36:08 UTC (rev 58365)
@@ -29189,8 +29189,8 @@
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects
- NOTE: Proposed patch (for wheezy) attached to bug #861597.
+ NOTE: PoC: https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects
+ NOTE: Upstream commit: https://sourceforge.net/p/podofo/code/1833/
CVE-2017-8377 (GeniXCMS 1.0.2 has SQL Injection in ...)
NOT-FOR-US: GeniXCMS
CVE-2017-8376 (GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is ...)
More information about the Secure-testing-commits
mailing list