[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update xpdf CVEs

Salvatore Bonaccorso carnil at debian.org
Tue Feb 20 11:33:51 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
afaae930 by Salvatore Bonaccorso at 2018-02-20T12:32:52+01:00
Update xpdf CVEs

Thanks: Florian Schlichting

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -223,17 +223,20 @@ CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to ad
 	[wheezy] - frontaccounting <end-of-life> (unsupported in wheezy, already vulnerable to SQL injection in CVE-2014-3973)
 	NOTE: https://securitywarrior9.blogspot.ca/2018/02/cross-site-request-forgery-front.html
 CVE-2018-7175 (An issue was discovered in xpdf 4.00. A NULL pointer dereference in ...)
-	- xpdf <undetermined>
+	- xpdf <unfixed> (unimportant)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
-	TODO: check
+	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+	TODO: check, poppler
 CVE-2018-7174 (An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref ...)
-	- xpdf <undetermined>
+	- xpdf <unfixed> (unimportant)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=605
-	TODO: check
+	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+	TODO: check, poppler
 CVE-2018-7173 (A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an ...)
-	- xpdf <undetermined>
+	- xpdf <unfixed> (unimportant)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=607
-	TODO: check
+	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+	TODO: check, poppler
 CVE-2018-1000068 (An improper input validation vulnerability exists in Jenkins versions ...)
 	- jenkins <removed>
 CVE-2018-1000067 (An improper authorization vulnerability exists in Jenkins versions ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/afaae930856525732edb927dfba3b46f59569071

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/afaae930856525732edb927dfba3b46f59569071
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180220/9dabb1bd/attachment.html>

More information about the Secure-testing-commits mailing list