[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] mark CVEs for libpodofo as no-das
Thorsten Alteholz
alteholz at debian.org
Wed Mar 14 15:07:20 UTC 2018
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d66d0416 by Thorsten Alteholz at 2018-03-14T16:06:59+01:00
mark CVEs for libpodofo as no-das
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -277,12 +277,14 @@ CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in .
- libpodofo <unfixed> (low; bug #892557)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
+ [wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548930
NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/15/
CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based buffer over-read ...)
- libpodofo <unfixed> (low; bug #892556)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
+ [wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1549469
NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/14/
NOTE: Upstream commit: http://sourceforge.net/p/podofo/code/1909
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d66d04163462e41d42ca2f65b33fd374b692d8d6
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d66d04163462e41d42ca2f65b33fd374b692d8d6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180314/ad030381/attachment.html>
More information about the Secure-testing-commits
mailing list