[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] podofo no-dsa

Moritz Muehlenhoff jmm at debian.org
Mon Mar 12 18:16:23 UTC 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
754a726e by Moritz Muehlenhoff at 2018-03-12T19:16:01+01:00
podofo no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -150,11 +150,15 @@ CVE-2018-8004
 CVE-2018-8003
 	RESERVED
 CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in ...)
-	- libpodofo <unfixed> (bug #892557)
+	- libpodofo <unfixed> (low; bug #892557)
+	[stretch] - libpodofo <no-dsa> (Minor issue)
+	[jessie] - libpodofo <no-dsa> (Minor issue)
 	NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548930
 	NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/15/
 CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based buffer over-read ...)
-	- libpodofo <unfixed> (bug #892556)
+	- libpodofo <unfixed> (low; bug #892556)
+	[stretch] - libpodofo <no-dsa> (Minor issue)
+	[jessie] - libpodofo <no-dsa> (Minor issue)
 	NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1549469
 	NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/14/
 	NOTE: Upstream commit: http://sourceforge.net/p/podofo/code/1909
@@ -162,6 +166,7 @@ CVE-2018-8000 (In PoDoFo 0.9.5, there exists a heap-based buffer overflow ...)
 	- libpodofo <unfixed> (bug #892520)
 	NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548918
 	NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/13/
+	NOTE: Believed to be a dupe of CVE-2017-5886
 CVE-2018-7999 (In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference ...)
 	- graphite2 1.3.11-2 (bug #892590)
 	[stretch] - graphite2 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/754a726e52d0edc421a53abdf20cfc53655a6a44

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/754a726e52d0edc421a53abdf20cfc53655a6a44
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180312/5159d3a3/attachment-0001.html>

More information about the Secure-testing-commits mailing list