[Secure-testing-commits] r57786 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Sat Nov 18 17:52:46 UTC 2017
Author: apo
Date: 2017-11-18 17:52:46 +0000 (Sat, 18 Nov 2017)
New Revision: 57786
Modified:
data/CVE/list
Log:
CVE-2017-14929,poppler: Mark as ignored for Wheezy
The vulnerability (infinite loop) is not reproducible with the provided POC in
Wheezy. The code looks similar although it differs in function names (drawform
-> doform1) and function parameters. The fix requires an API change. It is not
clear to me whether the package in Wheezy is still affected but following
upstream's fix would require a rebuild of all reverse-dependencies. I'm going
to mark this issue as ignored because it is not clear if the fix is needed and
the current solution is probably too intrusive to backport.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-18 17:14:24 UTC (rev 57785)
+++ data/CVE/list 2017-11-18 17:52:46 UTC (rev 57786)
@@ -5682,6 +5682,7 @@
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a26a013f22a19e2c16729e64f40ef8a7dfcc086e
CVE-2017-14929 (In Poppler 0.59.0, memory corruption occurs in a call to ...)
- poppler <unfixed> (bug #877222)
+ [wheezy] - poppler <ignored> (unreproducible, requires API change which appears to be too intrusive in this case.)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102969
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2c92c7b6a828c9db8a38f079ea7a3d51c12a481d
CVE-2017-14928 (In Poppler 0.59.0, a NULL Pointer Dereference exists in ...)
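Review bot: The reason on the added `[wheezy]` line says only "unreproducible", while the log message states that it is not clear whether the Wheezy package is still affected. The annotation should record that uncertainty, for example by noting that similar code exists under a different function name and was not confirmed unaffected, so a later reader does not take `<ignored>` as a verified not-affected result. As a style point, the parenthetical ends with a full stop, which the neighbouring `(bug #877222)` annotation does not use.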