[Secure-testing-commits] r51306 - data/CVE

Wed May 3 10:37:47 UTC 2017

Author: mattia
Date: 2017-05-03 10:37:46 +0000 (Wed, 03 May 2017)
New Revision: 51306

Modified:
   data/CVE/list
Log:
record libpodofo fixes

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-05-03 10:15:32 UTC (rev 51305)
+++ data/CVE/list	2017-05-03 10:37:46 UTC (rev 51306)
@@ -2978,7 +2978,7 @@
 	NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1
 CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in ...)
 	{DLA-929-1}
-	- libpodofo <unfixed> (bug #859331)
+	- libpodofo 0.9.4-5 (bug #859331)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/2
 	NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1842/
 CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo ...)
@@ -5708,7 +5708,7 @@
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp
 CVE-2017-6844 (Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function ...)
 	{DLA-929-1}
-	- libpodofo <unfixed> (bug #861561)
+	- libpodofo 0.9.4-5 (bug #861561)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/5
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
 	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/
@@ -7442,7 +7442,7 @@
 	NOTE: Introduced by: https://github.com/torvalds/linux/commit/952fc18ef9ec707ebdc16c0786ec360295e5ff15 (3.6-rc1)
 CVE-2017-5886 (Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken ...)
 	{DLA-929-1}
-	- libpodofo <unfixed> (bug #854604)
+	- libpodofo 0.9.4-5 (bug #854604)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp
 	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/1623824.EtgW9yDooZ%40blackgate/#msg35644693
@@ -7993,14 +7993,14 @@
 	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
 CVE-2017-5854 (base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to ...)
 	{DLA-929-1}
-	- libpodofo <unfixed> (bug #854602)
+	- libpodofo 0.9.4-5 (bug #854602)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp
 	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
 	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1836
 CVE-2017-5853 (Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote ...)
 	{DLA-929-1}
-	- libpodofo <unfixed> (bug #854601)
+	- libpodofo 0.9.4-5 (bug #854601)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp
 	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936


