[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] tiff postponed

Moritz Muehlenhoff jmm at debian.org
Tue Feb 27 17:54:07 UTC 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e81c72a by Moritz Muehlenhoff at 2018-02-27T18:53:29+01:00
tiff postponed
xpdf unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -215,6 +215,8 @@ CVE-2018-7457
 	RESERVED
 CVE-2018-7456 (A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in ...)
 	- tiff <unfixed> (bug #891288)
+	[stretch] - tiff <postponed> (Can be fixed along in a future DSA)
+	[jessie] - tiff <postponed> (Can be fixed along in a future DSA)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2778
 CVE-2018-7455 (An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in ...)
@@ -223,13 +225,13 @@ CVE-2018-7455 (An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc 
 	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
 	TODO: check, poppler
 CVE-2018-7454 (A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf ...)
-	- xpdf <unfixed>
+	- xpdf <unfixed> (unimportant)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
-	TODO: check
+	TODO: check, poppler
 CVE-2018-7453 (Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 ...)
-	- xpdf <unfixed>
+	- xpdf <unfixed> (unimportant)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?p=814#p814
-	TODO: check
+	TODO: check, poppler
 CVE-2018-7452 (A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in ...)
 	- xpdf <unfixed> (unimportant)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5e81c72aafc4fbae5fb6dda2446f157af2367b09

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5e81c72aafc4fbae5fb6dda2446f157af2367b09
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180227/b2073daa/attachment.html>

More information about the Secure-testing-commits mailing list