[Secure-testing-commits] r48709 - data/CVE

[Mattia Rizzolo]

Author: mattia
Date: 2017-02-04 14:01:33 +0000 (Sat, 04 Feb 2017)
New Revision: 48709

Modified:
   data/CVE/list
Log:
update libpodofo info

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-04 13:10:23 UTC (rev 48708)
+++ data/CVE/list	2017-02-04 14:01:33 UTC (rev 48709)
@@ -1,6 +1,7 @@
 CVE-2017-XXXX [podofo: heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp)]
 	- libpodofo <unfixed>
 	NOTE: https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp
+	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469
 CVE-2017-5877
 	RESERVED
 CVE-2017-5876
@@ -524,14 +525,17 @@
 	RESERVED
 	- libpodofo <unfixed> (bug #854118)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp
+	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469
 CVE-2017-5853 [Signed integer overflow in PdfParser.cpp]
 	RESERVED
 	- libpodofo <unfixed> (bug #854118)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp
+	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469
 CVE-2017-5852 [Infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject]
 	RESERVED
 	- libpodofo <unfixed> (bug #854118)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp
+	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469
 CVE-2017-5849 [Out-of-Bound read and write issues in put1bitbwtile() and putgreytile()]
 	RESERVED
 	- netpbm-free <not-affected> (vulnerable code not present)