[Git][security-tracker-team/security-tracker][master] update libpodofo's CVEs
Mattia Rizzolo
mattia at debian.org
Mon Jul 9 11:07:03 BST 2018
Mattia Rizzolo pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5a88ada2 by Mattia Rizzolo at 2018-07-09T12:06:28+02:00
update libpodofo's CVEs
Signed-off-by: Mattia Rizzolo <mattia at debian.org>
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1669,10 +1669,12 @@ CVE-2018-12983 (A stack-based buffer over-read in the ...)
- libpodofo <unfixed> (low)
[stretch] - libpodofo <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1595693
+ NOTE: https://sourceforge.net/p/podofo/tickets/23
CVE-2018-12982 (Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function ...)
- libpodofo <unfixed> (low)
[stretch] - libpodofo <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1595689
+ NOTE: https://sourceforge.net/p/podofo/tickets/22
CVE-2018-12981
RESERVED
CVE-2018-12980
@@ -6248,18 +6250,21 @@ CVE-2018-11256 (An issue was discovered in PoDoFo 0.9.5. The function ...)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575851
+ NOTE: https://sourceforge.net/p/podofo/tickets/21
CVE-2018-11255 (An issue was discovered in PoDoFo 0.9.5. The function ...)
- libpodofo <unfixed> (low)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575502
+ NOTE: https://sourceforge.net/p/podofo/tickets/20
CVE-2018-11254 (An issue was discovered in PoDoFo 0.9.5. There is an Excessive ...)
- libpodofo <unfixed> (low)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1576174
+ NOTE: https://sourceforge.net/p/podofo/tickets/19
CVE-2018-11253
RESERVED
CVE-2018-11252
@@ -22862,6 +22867,7 @@ CVE-2018-5296 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in th
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/podofo/tickets/6/
+ NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1925
CVE-2018-5295 (In PoDoFo 0.9.5, there is an integer overflow in the ...)
- libpodofo 0.9.5-9 (low; bug #889511)
[stretch] - libpodofo <no-dsa> (Minor issue)
@@ -64938,6 +64944,8 @@ CVE-2017-8053 (PoDoFo 0.9.5 allows denial of service (infinite recursion and sta
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: http://openwall.com/lists/oss-security/2017/04/22/1
NOTE: https://sourceforge.net/p/podofo/tickets/7/
+ NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1834
+ NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1924
CVE-2017-8052 (Craft CMS before 2.6.2974 allows XSS attacks. ...)
NOT-FOR-US: Craft CMS
CVE-2017-8051 (Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a ...)
@@ -70409,13 +70417,14 @@ CVE-2017-6428
CVE-2017-6427 (A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A ...)
NOT-FOR-US: EvoStream Media Server
CVE-2017-6849 (The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in ...)
- - libpodofo <unfixed> (bug #861566)
+ - libpodofo 0.9.5-9 (bug #861566)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/10
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp
NOTE: https://sourceforge.net/p/podofo/tickets/8/
+ NOTE: Same fix as for CVE-2017-6845
CVE-2017-6848 (The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in ...)
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #861565)
@@ -70432,13 +70441,14 @@ CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in P
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace ...)
- - libpodofo <unfixed> (bug #861563)
+ - libpodofo 0.9.5-9 (bug #861563)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/7
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h/
NOTE: https://sourceforge.net/p/podofo/tickets/9/
+ NOTE: Same fix as for CVE-2017-6845
CVE-2017-6845 (The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo ...)
- libpodofo 0.9.5-9 (bug #861562)
[stretch] - libpodofo <no-dsa> (Minor issue)
@@ -70474,13 +70484,14 @@ CVE-2017-6842 (The ColorChanger::GetColorFromStack function in colorchanger.cpp
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6841 (The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement ...)
- - libpodofo <unfixed> (bug #861558)
+ - libpodofo 0.9.5-9 (bug #861558)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/2
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h
NOTE: https://sourceforge.net/p/podofo/tickets/10/
+ NOTE: Same fix as for CVE-2017-6845
CVE-2017-6840 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in ...)
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #861557)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a88ada26271b6f2e12ebcb3dd2bacfa0f20e1eb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a88ada26271b6f2e12ebcb3dd2bacfa0f20e1eb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180709/17fcaef3/attachment.html>
More information about the debian-security-tracker-commits
mailing list