[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] mark some libpodofo CVEs as fixed
Mattia Rizzolo
mattia at debian.org
Sat Feb 24 10:59:33 UTC 2018
Mattia Rizzolo pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bb48db19 by Mattia Rizzolo at 2018-02-24T11:59:02+01:00
mark some libpodofo CVEs as fixed
Signed-off-by: Mattia Rizzolo <mattia at debian.org>
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5923,7 +5923,7 @@ CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer overflow in the ...)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532381
CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the ...)
- - libpodofo <unfixed> (low)
+ - libpodofo 0.9.5-9 (low)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -5999,7 +5999,7 @@ CVE-2018-5296 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in th
[wheezy] - libpodofo <no-dsa> (Minor issue)
TODO: check, possibly not reported upstream only in Red Hat Bugzilla
CVE-2018-5295 (In PoDoFo 0.9.5, there is an integer overflow in the ...)
- - libpodofo <unfixed> (low; bug #889511)
+ - libpodofo 0.9.5-9 (low; bug #889511)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -45959,7 +45959,7 @@ CVE-2017-8379 (Memory leak in the keyboard input event handlers support in QEMU
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=fa18f36a461984eae50ab957e47ec78dae3c14fc
CVE-2017-8378 (Heap-based buffer overflow in the PdfParser::ReadObjects function in ...)
- - libpodofo <unfixed> (bug #861597)
+ - libpodofo 0.9.5-9 (bug #861597)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -46857,7 +46857,7 @@ CVE-2017-8056 (WatchGuard Fireware v11.12.1 and earlier mishandles requests refe
CVE-2017-8055 (WatchGuard Fireware allows user enumeration, e.g., in the Firebox ...)
NOT-FOR-US: WatchGuard
CVE-2017-8054 (The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 ...)
- - libpodofo <unfixed> (bug #860995)
+ - libpodofo 0.9.5-9 (bug #860995)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -52456,7 +52456,7 @@ CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpac
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/7
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h/
CVE-2017-6845 (The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo ...)
- - libpodofo <unfixed> (bug #861562)
+ - libpodofo 0.9.5-9 (bug #861562)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb48db19539844d9f4e381af6602bbc5c8daa5f5
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb48db19539844d9f4e381af6602bbc5c8daa5f5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180224/56c8f6c7/attachment.html>
More information about the Secure-testing-commits
mailing list