[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] link upstream bug reports for libpodofo cves
Mattia Rizzolo
mattia at debian.org
Sat Feb 24 15:30:17 UTC 2018
Mattia Rizzolo pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e1ed5975 by Mattia Rizzolo at 2018-02-24T16:29:49+01:00
link upstream bug reports for libpodofo cves
Signed-off-by: Mattia Rizzolo <mattia at debian.org>
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3255,6 +3255,7 @@ CVE-2018-6352 (In PoDoFo 0.9.5, there is an Excessive Iteration in the ...)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1539237
+ NOTE: https://sourceforge.net/p/podofo/tickets/3/
CVE-2018-6351
RESERVED
CVE-2018-6350
@@ -4696,6 +4697,7 @@ CVE-2018-5783 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in th
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/podofo/tickets/4/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1536179
CVE-2018-5782
RESERVED
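Review bot: style point: in this hunk the new SourceForge NOTE is inserted above the existing Red Hat Bugzilla NOTE, while the first hunk (CVE-2018-6352) appends it below the Bugzilla line; pick one ordering for new upstream references (appending after the existing NOTE lines is the less intrusive choice) so the NOTE blocks read consistently across the libpodofo entries.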
@@ -5931,6 +5933,7 @@ CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer overflow in the ...)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/podofo/tickets/5/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532381
CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the ...)
- libpodofo 0.9.5-9 (low)
@@ -6007,7 +6010,7 @@ CVE-2018-5296 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in th
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
- TODO: check, possibly not reported upstream only in Red Hat Bugzilla
+ NOTE: https://sourceforge.net/p/podofo/tickets/6/
CVE-2018-5295 (In PoDoFo 0.9.5, there is an integer overflow in the ...)
- libpodofo 0.9.5-9 (low; bug #889511)
[stretch] - libpodofo <no-dsa> (Minor issue)
@@ -46888,9 +46891,7 @@ CVE-2017-8053 (PoDoFo 0.9.5 allows denial of service (infinite recursion and sta
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: http://openwall.com/lists/oss-security/2017/04/22/1
- NOTE: The motivation for no-dsa in wheezy is that there are no known
- NOTE: services that use this library (apart from desktop applications)
- NOTE: and the worst case is a DoS.
+ NOTE: https://sourceforge.net/p/podofo/tickets/7/
CVE-2017-8052 (Craft CMS before 2.6.2974 allows XSS attacks. ...)
NOT-FOR-US: Craft CMS
CVE-2017-8051 (Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a ...)
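Review bot: this hunk drops more than the commit message ("link upstream bug reports") describes: the three NOTE lines recording why wheezy got <no-dsa> (no known services use the library, worst case is a DoS) are removed, but the `[wheezy] - libpodofo <no-dsa> (Minor issue)` tag they justify stays. Either keep the rationale alongside the new ticket link or say in the commit message why it is being removed, so the triage decision remains traceable in data/CVE/list.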
@@ -52437,11 +52438,9 @@ CVE-2017-6849 (The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: The motivation for no-dsa in wheezy is that there are no known
- NOTE: services that use this library (apart from desktop applications)
- NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/10
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp
+ NOTE: https://sourceforge.net/p/podofo/tickets/8/
CVE-2017-6848 (The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in ...)
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #861565)
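Review bot: the three-line rationale for the wheezy no-dsa decision is removed here while the `[wheezy] - libpodofo <no-dsa> (Minor issue)` entry it explains remains; keep those NOTE lines or document the removal in the commit message rather than silently dropping the justification.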
@@ -52462,11 +52461,9 @@ CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpac
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: The motivation for no-dsa in wheezy is that there are no known
- NOTE: services that use this library (apart from desktop applications)
- NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/7
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h/
+ NOTE: https://sourceforge.net/p/podofo/tickets/9/
CVE-2017-6845 (The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo ...)
- libpodofo 0.9.5-9 (bug #861562)
[stretch] - libpodofo <no-dsa> (Minor issue)
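Review bot: as in the surrounding libpodofo entries, the wheezy no-dsa rationale NOTE lines are dropped while the <no-dsa> tag stays; keep the justification or state in the commit message why it no longer applies.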
@@ -52506,11 +52503,9 @@ CVE-2017-6841 (The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: The motivation for no-dsa in wheezy is that there are no known
- NOTE: services that use this library (apart from desktop applications)
- NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/2
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h
+ https://sourceforge.net/p/podofo/tickets/10/
CVE-2017-6840 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in ...)
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #861557)
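Review bot: the added line `+ https://sourceforge.net/p/podofo/tickets/10/` is missing the `NOTE:` keyword that every other reference line in this file and in the other hunks of this commit carries; a bare URL is not a recognised line type in data/CVE/list, so it should read `NOTE: https://sourceforge.net/p/podofo/tickets/10/` to match the format and avoid tripping the tracker's parser. Separately, the same wheezy no-dsa rationale removal seen in the earlier hunks applies here while the `[wheezy] - libpodofo <no-dsa>` tag is kept.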
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e1ed59756d3cc539d012df94a8b4cfb6ae56e33a