[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2018-15889/libpodofo

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3cb3ebbb by Salvatore Bonaccorso at 2019-08-11T06:51:10Z
Add fixed version for CVE-2018-15889/libpodofo

It is confirmed in upstream issue tracker that the fix is the same, and
likely it is a duplicate on it's own. It is not yet confirmed by MITRE
if they treat those as distinct issue, so adding just the fixed version
for now.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51067,8 +51067,7 @@ CVE-2018-15891 (An issue was discovered in FreePBX core before 3.0.122.43, 14.0.
 CVE-2018-15890 (An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserializ ...)
 	NOT-FOR-US: EthereumJ
 CVE-2018-15889 (In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() in base ...)
-	- libpodofo <unfixed> (low; bug #916167)
-	[buster] - libpodofo <no-dsa> (Minor issue)
+	- libpodofo 0.9.6+dfsg-4 (low; bug #916167)
 	[stretch] - libpodofo <no-dsa> (Minor issue)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
 	NOTE: (possible, but not yet confirmed) duplicate of CVE-2018-5783



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3cb3ebbbcfcf5ec0368c1fd703218e9eef648452

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3cb3ebbbcfcf5ec0368c1fd703218e9eef648452
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190811/be7bb9b9/attachment.html>