[Secure-testing-commits] r49550 - in data: . CVE
Brian May
bam at moszumanska.debian.org
Fri Mar 10 06:45:42 UTC 2017
Author: bam
Date: 2017-03-10 06:45:42 +0000 (Fri, 10 Mar 2017)
New Revision: 49550
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Update libpodofo information
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-10 05:58:49 UTC (rev 49549)
+++ data/CVE/list 2017-03-10 06:45:42 UTC (rev 49550)
@@ -2574,6 +2574,7 @@
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp
NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
+ NOTE: Proposed fix: https://sourceforge.net/p/podofo/mailman/message/35692197/
CVE-2017-5852 (The PoDoFo::PdfPage::GetInheritedKeyFromObject function in ...)
- libpodofo <unfixed> (bug #854600)
[jessie] - libpodofo <no-dsa> (Minor issue)
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-03-10 05:58:49 UTC (rev 49549)
+++ data/dla-needed.txt 2017-03-10 06:45:42 UTC (rev 49550)
@@ -61,7 +61,9 @@
NOTE: Pinged on 2017-02-06 https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
--
libpodofo
- NOTE: 20170226: No patches available.
+ NOTE: 20170310: No patches available.
+ NOTE: Proposed patch for CVE-2017-5853, which is marked no-dsa.
+ NOTE: https://sourceforge.net/p/podofo/mailman/message/35692197/
--
libreoffice (Balint Reczey)
--
More information about the Secure-testing-commits
mailing list