[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-12494/poppler: jessie triage

Wed Jul 3 13:52:11 BST 2019


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba232c37 by Sylvain Beucler at 2019-07-03T12:48:44Z
CVE-2019-12494/poppler: jessie triage

- - - - -
5c373ca3 by Sylvain Beucler at 2019-07-03T12:48:45Z
CVE-2019-13173/node-fstream: jessie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,6 +23,7 @@ CVE-2019-13174
 CVE-2019-13173 (fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extra ...)
 	- node-fstream <unfixed>
 	[stretch] - node-fstream <ignored> (Nodejs in stretch not covered by security support)
+	[jessie] - node-fstream <ignored> (Nodejs in jessie not covered by security support)
 	NOTE: https://www.npmjs.com/advisories/886
 	NOTE: https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22
 CVE-2019-13172
@@ -1658,6 +1659,7 @@ CVE-2019-12494 (In Gardener before 0.20.0, incorrect access control in seed clus
 CVE-2019-12493 (A stack-based buffer over-read exists in PostScriptFunction::transform ...)
 	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
 	- poppler 0.44.0-2
+	[jessie] - poppler <postponed> (patch applies cleanly, read-only, can't reproduce)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/37840827c4073dedfd37915a74eb8fe0c44843c3
 CVE-2019-12492 (Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and  ...)
 	NOT-FOR-US: Gallagher Command Centre



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/41d778456710a7c436e26b439907ed1aed61e56e...5c373ca3064fe2c12e3c9a44005771659c984f99

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/41d778456710a7c436e26b439907ed1aed61e56e...5c373ca3064fe2c12e3c9a44005771659c984f99
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190703/f3f17d60/attachment.html>
