[Git][security-tracker-team/security-tracker][master] Add CVE-2018-20662/poppler

Salvatore Bonaccorso carnil at debian.org
Thu Jan 3 21:48:26 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29075c44 by Salvatore Bonaccorso at 2019-01-03T21:48:00Z
Add CVE-2018-20662/poppler

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -655,7 +655,10 @@ CVE-2018-20664 (Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has X
 CVE-2018-20663 (The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA ...)
 	TODO: check
 CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause ...)
-	TODO: check
+	- poppler <unfixed>
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
+	NOTE: Initial approach of fixing the issue via https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f
+	NOTE: causes regressions on some files and was reverted upstream.
 CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because Directory ...)
 	NOT-FOR-US: OpenRefine
 CVE-2019-3579



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29075c445fa18d1815e568621d42ac7446dd7e89

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29075c445fa18d1815e568621d42ac7446dd7e89
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190103/0c2733ab/attachment.html>


More information about the debian-security-tracker-commits mailing list