[Git][security-tracker-team/security-tracker][master] Add CVE-2018-20662/poppler
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 3 21:48:26 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
29075c44 by Salvatore Bonaccorso at 2019-01-03T21:48:00Z
Add CVE-2018-20662/poppler
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -655,7 +655,10 @@ CVE-2018-20664 (Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has X
CVE-2018-20663 (The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA ...)
TODO: check
CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause ...)
- TODO: check
+ - poppler <unfixed>
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
+ NOTE: Initial approach of fixing the issue via https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f
+ NOTE: causes regressions on some files and was reverted upstream.
CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because Directory ...)
NOT-FOR-US: OpenRefine
CVE-2019-3579
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29075c445fa18d1815e568621d42ac7446dd7e89
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29075c445fa18d1815e568621d42ac7446dd7e89
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190103/0c2733ab/attachment.html>
More information about the debian-security-tracker-commits
mailing list