[Secure-testing-commits] r48772 - data/CVE
Mattia Rizzolo
mattia at moszumanska.debian.org
Wed Feb 8 16:27:16 UTC 2017
Author: mattia
Date: 2017-02-08 16:27:16 +0000 (Wed, 08 Feb 2017)
New Revision: 48772
Modified:
data/CVE/list
Log:
Update libpodofo CVEs status
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-08 15:10:48 UTC (rev 48771)
+++ data/CVE/list 2017-02-08 16:27:16 UTC (rev 48772)
@@ -194,9 +194,9 @@
NOTE: Introduced by: https://github.com/torvalds/linux/commit/952fc18ef9ec707ebdc16c0786ec360295e5ff15 (3.6-rc1)
CVE-2017-5886 [podofo: heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp)]
RESERVED
- - libpodofo <unfixed>
+ - libpodofo <unfixed> (bug #854604)
NOTE: https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp
- NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469
+ NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/1623824.EtgW9yDooZ%40blackgate/#msg35644693
CVE-2017-5877 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack ...)
NOT-FOR-US: dotCMS
CVE-2017-5876 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack ...)
@@ -708,30 +708,36 @@
CVE-2016-10194
RESERVED
NOT-FOR-US: festivaltts4r
+CVE-2017-XXXX [podofo: NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp)]
+ - libpodofo <unfixed> (bug #854605)
+ NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfinfoguessformat-pdfinfo-cpp/
+ NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
+ NOTE: https://marc.info/?l=oss-security&m=148603648823037&w=2
CVE-2015-8981 [Heap overflow in the function ReadXRefSubsection]
RESERVED
- - libpodofo <unfixed> (bug #854118)
+ - libpodofo 0.9.4-1 (bug #854599)
NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/
NOTE: https://sourceforge.net/p/podofo/code/1672
CVE-2017-5855 [NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection]
RESERVED
- - libpodofo <unfixed> (bug #854118)
+ - libpodofo <unfixed> (bug #854603)
NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
+ NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
CVE-2017-5854 [NULL pointer dereference in PdfOutputStream.cpp]
RESERVED
- - libpodofo <unfixed> (bug #854118)
+ - libpodofo <unfixed> (bug #854602)
NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp
- NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469
+ NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
CVE-2017-5853 [Signed integer overflow in PdfParser.cpp]
RESERVED
- - libpodofo <unfixed> (bug #854118)
+ - libpodofo <unfixed> (bug #854601)
NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp
- NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469
+ NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
CVE-2017-5852 [Infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject]
RESERVED
- - libpodofo <unfixed> (bug #854118)
+ - libpodofo <unfixed> (bug #854600)
NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp
- NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469
+ NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
CVE-2017-5849 [Out-of-Bound read and write issues in put1bitbwtile() and putgreytile()]
RESERVED
- netpbm-free <not-affected> (vulnerable code not present)
More information about the Secure-testing-commits
mailing list