[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] add a note with the upstream commits

Mattia Rizzolo mattia at debian.org
Sun Mar 11 15:36:58 UTC 2018 

Mattia Rizzolo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c20878eb by Mattia Rizzolo at 2018-03-11T16:35:55+01:00
add a note with the upstream commits

Signed-off-by: Mattia Rizzolo <mattia at debian.org>

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -108,6 +108,7 @@ CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based buffer over-read ...)
 	- libpodofo <unfixed> (bug #892556)
 	NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1549469
 	NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/14/
+	NOTE: Upstream commit: http://sourceforge.net/p/podofo/code/1909
 CVE-2018-8000 (In PoDoFo 0.9.5, there exists a heap-based buffer overflow ...)
 	- libpodofo <unfixed> (bug #892520)
 	NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548918
@@ -7770,6 +7771,7 @@ CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer overflow in the ...)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/podofo/tickets/5/
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532381
+	Note: upstream commit: https://sourceforge.net/p/podofo/code/1907
 CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the ...)
 	- libpodofo 0.9.5-9 (low)
 	[stretch] - libpodofo <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c20878eb64ce5cb3f1f8cbc8269954e0b50c715a

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c20878eb64ce5cb3f1f8cbc8269954e0b50c715a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180311/308c585c/attachment.html>

More information about the Secure-testing-commits mailing list