[Git][security-tracker-team/security-tracker][master] poppler updates

Moritz Muehlenhoff jmm at debian.org
Wed Apr 17 17:47:51 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
089dfee1 by Moritz Muehlenhoff at 2019-04-17T16:47:21Z
poppler updates

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -491,8 +491,9 @@ CVE-2015-9284
 CVE-2019-11027
 	RESERVED
 CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infini ...)
-	- poppler <unfixed> (bug #926721)
+	- poppler <unfixed> (low; bug #926721)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/752
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/97bbfd67d7fa4d633e10e3dc90fd523051607836
 CVE-2019-11025 (In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping o ...)
 	{DLA-1757-1}
 	- cacti 1.2.2+ds1-2 (low; bug #926700)
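Review bot: the CVE-2019-11026 entry still reads `- poppler <unfixed>` while the NOTE added under it is a bare upstream commit URL, so a reader cannot tell whether that commit is the fix. If it is, label it (for example `NOTE: Fixed by: <commit URL>`) so whoever later moves the entry off `<unfixed>` knows what to look for in a new upstream release; if it is only related to issue 752, say that instead. This is also the only poppler entry in the commit that gets `low` without `[buster]`/`[stretch]` lines, which is worth confirming as intended.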
@@ -901,10 +902,14 @@ CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL point
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/748
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8dbe2e6c480405dab9347075cf4be626f90f1d05
 CVE-2019-10872 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
-	- poppler <unfixed> (bug #926530)
+	- poppler <unfixed> (low; bug #926530)
+	[buster] - poppler <postponed> (Revisit when fixed upstream)
+	[stretch] - poppler <postponed> (Revisit when fixed upstream)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/750
 CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
-	- poppler <unfixed> (bug #926529)
+	- poppler <unfixed> (low; bug #926529)
+	[buster] - poppler <postponed> (Revisit when fixed upstream)
+	[stretch] - poppler <postponed> (Revisit when fixed upstream)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/751
 CVE-2019-10870
 	RESERVED
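Review bot: CVE-2019-10872 and CVE-2019-10871 are both described as heap-based buffer issues, yet the urgency becomes `low` and both suites go to `<postponed>` with no reason recorded beyond "Revisit when fixed upstream", and the commit message ("poppler updates") does not explain it either. A short NOTE under each entry stating why the impact is considered low would let a later reader re-check the triage once upstream issues 750 and 751 are resolved.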
@@ -4824,12 +4829,16 @@ CVE-2019-9547 (In Storage Performance Development Kit (SPDK) before 19.01, a mal
 CVE-2019-9546 (SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege esca ...)
 	NOT-FOR-US: SolarWinds Orion Platform
 CVE-2019-9545 (An issue was discovered in Poppler 0.74.0. A recursive function call,  ...)
-	- poppler <unfixed> (bug #923552)
+	- poppler <unfixed> (low; bug #923552)
+	[buster] - poppler <postponed> (Revisit when fixed upstream)
+	[stretch] - poppler <postponed> (Revisit when fixed upstream)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/731
 CVE-2019-9544 (An issue was discovered in Bento4 1.5.1-628. An out of bounds write oc ...)
 	NOT-FOR-US: Bento4
 CVE-2019-9543 (An issue was discovered in Poppler 0.74.0. A recursive function call,  ...)
-	- poppler <unfixed> (bug #923553)
+	- poppler <unfixed> (low; bug #923553)
+	[buster] - poppler <postponed> (Revisit when fixed upstream)
+	[stretch] - poppler <postponed> (Revisit when fixed upstream)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/730
 CVE-2019-9542
 	RESERVED
@@ -19838,6 +19847,7 @@ CVE-2018-20481 (XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocat
 	[stretch] - poppler <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/692
 	NOTE: Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/39a251b1b3a3343400a08e2f03c5518a26624626
 CVE-2018-20480 (An issue was discovered in S-CMS 1.0. It allows SQL Injection via the  ...)
 	NOT-FOR-US: S-CMS
 CVE-2018-20479 (An issue was discovered in S-CMS 1.0. It allows SQL Injection via the  ...)
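Review bot: the NOTE added for CVE-2018-20481 is an unlabelled commit URL placed directly after `NOTE: Proposed fix: .../merge_requests/143`, so it is unclear whether that commit is the merged form of the proposal or a separate change. Label it the way the line above is labelled, stating what the commit is, so the two notes can be read together.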
@@ -31179,6 +31189,7 @@ CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory lea
 	[stretch] - poppler <ignored> (Negligible security impact)
 	[jessie] - poppler <ignored> (Negligible security impact; memory leak)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/e07c8b4784234383cb5ddcf1133ea91a772506e2
 CVE-2018-18896
 	RESERVED
 CVE-2018-18895



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/089dfee16b3db024b4e70ffa5c137ea8e41e931d
