[Secure-testing-commits] r49550 - in data: . CVE

Brian May bam at moszumanska.debian.org
Fri Mar 10 06:45:42 UTC 2017


Author: bam
Date: 2017-03-10 06:45:42 +0000 (Fri, 10 Mar 2017)
New Revision: 49550

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Update libpodofo information

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-10 05:58:49 UTC (rev 49549)
+++ data/CVE/list	2017-03-10 06:45:42 UTC (rev 49550)
@@ -2574,6 +2574,7 @@
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp
 	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
+	NOTE: Proposed fix: https://sourceforge.net/p/podofo/mailman/message/35692197/
 CVE-2017-5852 (The PoDoFo::PdfPage::GetInheritedKeyFromObject function in ...)
 	- libpodofo <unfixed> (bug #854600)
 	[jessie] - libpodofo <no-dsa> (Minor issue)

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-03-10 05:58:49 UTC (rev 49549)
+++ data/dla-needed.txt	2017-03-10 06:45:42 UTC (rev 49550)
@@ -61,7 +61,9 @@
   NOTE: Pinged on 2017-02-06 https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
 --
 libpodofo
-  NOTE: 20170226: No patches available.
+  NOTE: 20170310: No patches available.
+  NOTE: Proposed patch for CVE-2017-5853, which is marked no-dsa.
+  NOTE: https://sourceforge.net/p/podofo/mailman/message/35692197/
 --
 libreoffice (Balint Reczey)
 --




More information about the Secure-testing-commits mailing list