[Secure-testing-commits] r52127 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue May 30 19:27:23 UTC 2017
Author: carnil
Date: 2017-05-30 19:27:23 +0000 (Tue, 30 May 2017)
New Revision: 52127
Modified:
data/CVE/list
Log:
Remove no-dsa tagged entries which got an update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-30 19:27:14 UTC (rev 52126)
+++ data/CVE/list 2017-05-30 19:27:23 UTC (rev 52127)
@@ -5211,37 +5211,21 @@
RESERVED
CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote ...)
- libpodofo 0.9.4-6 (bug #859329)
- [wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: The motivation for no-dsa in wheezy is that there are no known
- NOTE: services that use this library (apart from desktop applications)
- NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote ...)
- libpodofo 0.9.4-6 (bug #859329)
- [wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: The motivation for no-dsa in wheezy is that there are no known
- NOTE: services that use this library (apart from desktop applications)
- NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers ...)
- libpodofo 0.9.4-6 (bug #859329)
- [wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: The motivation for no-dsa in wheezy is that there are no known
- NOTE: services that use this library (apart from desktop applications)
- NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers ...)
- libpodofo 0.9.4-6 (bug #859329)
- [wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: The motivation for no-dsa in wheezy is that there are no known
- NOTE: services that use this library (apart from desktop applications)
- NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
@@ -5252,10 +5236,6 @@
NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1842/
CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo ...)
- libpodofo 0.9.4-6 (bug #859330)
- [wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: The motivation for no-dsa in wheezy is that there are no known
- NOTE: services that use this library (apart from desktop applications)
- NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/1
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1847
CVE-2017-7377 (The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in ...)
@@ -7966,19 +7946,11 @@
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp
CVE-2017-6848 (The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in ...)
- libpodofo 0.9.4-6 (bug #861565)
- [wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: The motivation for no-dsa in wheezy is that there are no known
- NOTE: services that use this library (apart from desktop applications)
- NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/9
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
- libpodofo 0.9.4-6 (bug #861564)
- [wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: The motivation for no-dsa in wheezy is that there are no known
- NOTE: services that use this library (apart from desktop applications)
- NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/8
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
@@ -8012,10 +7984,6 @@
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6842 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in ...)
- libpodofo 0.9.4-6 (bug #861559)
- [wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: The motivation for no-dsa in wheezy is that there are no known
- NOTE: services that use this library (apart from desktop applications)
- NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/3
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-colorchangergetcolorfromstack-colorchanger-cpp
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
@@ -8030,10 +7998,6 @@
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h
CVE-2017-6840 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in ...)
- libpodofo 0.9.4-6 (bug #861557)
- [wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: The motivation for no-dsa in wheezy is that there are no known
- NOTE: services that use this library (apart from desktop applications)
- NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/1
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-invalid-memory-read-in-colorchangergetcolorfromstack-colorchanger-cpp
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
More information about the Secure-testing-commits
mailing list