[Secure-testing-commits] r51694 - data/CVE

Mattia Rizzolo mattia at moszumanska.debian.org
Wed May 17 13:05:40 UTC 2017


Author: mattia
Date: 2017-05-17 13:05:40 +0000 (Wed, 17 May 2017)
New Revision: 51694

Modified:
   data/CVE/list
Log:
mark fixed versions in some libpodofo CVEs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-17 11:08:37 UTC (rev 51693)
+++ data/CVE/list	2017-05-17 13:05:40 UTC (rev 51694)
@@ -4375,7 +4375,7 @@
 CVE-2017-7384
 	RESERVED
 CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote ...)
-	- libpodofo <unfixed> (bug #859329)
+	- libpodofo 0.9.4-6 (bug #859329)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: The motivation for no-dsa in wheezy is that there are no known
 	NOTE: services that use this library (apart from desktop applications)
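Review bot: The fixed version 0.9.4-6 recorded on the CVE-2017-7383 line is lower than the upstream release named in the description (PoDoFo 0.9.5), so the fix is presumably a patch carried in the Debian revision, yet neither the entry nor the log message says so. Consider adding a NOTE that 0.9.4-6 backports the upstream commit, or citing the package changelog in the commit log, so that a later triager does not read the version as a typo. The same applies to the other entries in this patch whose descriptions name 0.9.5.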
@@ -4384,7 +4384,7 @@
 	NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
 CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote ...)
-	- libpodofo <unfixed> (bug #859329)
+	- libpodofo 0.9.4-6 (bug #859329)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: The motivation for no-dsa in wheezy is that there are no known
 	NOTE: services that use this library (apart from desktop applications)
@@ -4393,7 +4393,7 @@
 	NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
 CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers ...)
-	- libpodofo <unfixed> (bug #859329)
+	- libpodofo 0.9.4-6 (bug #859329)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: The motivation for no-dsa in wheezy is that there are no known
 	NOTE: services that use this library (apart from desktop applications)
@@ -4402,7 +4402,7 @@
 	NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
 CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers ...)
-	- libpodofo <unfixed> (bug #859329)
+	- libpodofo 0.9.4-6 (bug #859329)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: The motivation for no-dsa in wheezy is that there are no known
 	NOTE: services that use this library (apart from desktop applications)
@@ -4416,7 +4416,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/2
 	NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1842/
 CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo ...)
-	- libpodofo <unfixed> (bug #859330)
+	- libpodofo 0.9.4-6 (bug #859330)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: The motivation for no-dsa in wheezy is that there are no known
 	NOTE: services that use this library (apart from desktop applications)
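Review bot: The entry whose NOTE lines open this hunk (the one recording upstream fix https://sourceforge.net/p/podofo/code/1842/) is left unchanged, since the line numbers jump from the previous hunk straight to @@ -4416 and only CVE-2017-7378 is edited here. If that entry is still marked <unfixed> and r1842 is part of 0.9.4-6, it should be updated in the same commit; if it was left open on purpose, a short NOTE on it saying why would stop it looking like an oversight next to its two updated neighbours.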
@@ -7121,7 +7121,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/10
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp
 CVE-2017-6848 (The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in ...)
-	- libpodofo <unfixed> (bug #861565)
+	- libpodofo 0.9.4-6 (bug #861565)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: The motivation for no-dsa in wheezy is that there are no known
 	NOTE: services that use this library (apart from desktop applications)
@@ -7130,7 +7130,7 @@
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
 CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
-	- libpodofo <unfixed> (bug #861564)
+	- libpodofo 0.9.4-6 (bug #861564)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: The motivation for no-dsa in wheezy is that there are no known
 	NOTE: services that use this library (apart from desktop applications)
@@ -7161,13 +7161,13 @@
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
 	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/
 CVE-2017-6843 (Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad ...)
-	- libpodofo <unfixed> (bug #861560)
+	- libpodofo 0.9.4-6 (bug #861560)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/4
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
 CVE-2017-6842 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in ...)
-	- libpodofo <unfixed> (bug #861559)
+	- libpodofo 0.9.4-6 (bug #861559)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: The motivation for no-dsa in wheezy is that there are no known
 	NOTE: services that use this library (apart from desktop applications)
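Review bot: CVE-2017-6843 lists two upstream commits in its NOTE lines (1844 and 1845), so marking it fixed in 0.9.4-6 is only correct if both are in that upload; please confirm against the package's patch set. It is also the one entry in this hunk described as a heap-based buffer overflow and the one without a [wheezy] <no-dsa> line, so a partially applied fix here would be more costly to miss than for the neighbouring CVE-2017-6842.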
@@ -7185,7 +7185,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/2
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h
 CVE-2017-6840 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in ...)
-	- libpodofo <unfixed> (bug #861557)
+	- libpodofo 0.9.4-6 (bug #861557)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: The motivation for no-dsa in wheezy is that there are no known
 	NOTE: services that use this library (apart from desktop applications)
@@ -9443,7 +9443,7 @@
 	NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/
 	NOTE: https://sourceforge.net/p/podofo/code/1672
 CVE-2017-5855 (The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in ...)
-	- libpodofo <unfixed> (bug #854603)
+	- libpodofo 0.9.4-6 (bug #854603)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
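Review bot: CVE-2017-5855 is the only entry touched by this patch that shows a [jessie] <no-dsa> line; none of the other hunks show a [jessie] annotation in their visible context, only [wheezy] where any release tag appears. If the "Minor issue" reasoning holds for jessie on those CVEs as well, add matching [jessie] lines; otherwise, now that unstable has a fixed version, jessie remains the untriaged release for each of them.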



