[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-14267/pdfresurrect
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 30 20:01:06 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a67297ba by Salvatore Bonaccorso at 2019-07-30T18:59:59Z
Mark CVE-2019-14267/pdfresurrect
TTBOMK, pdfresurrect is used basically as CLI only. The build is done
with hardening flags enabled leading to a CLI crash only and thus with
negligible security impact. Borderline to no-dsa tagged entries, as
there might be some cases where pdfresurrect is used within a service with
untrusted input.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -465,8 +465,9 @@ CVE-2019-14269
CVE-2019-14268 (In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request prox ...)
NOT-FOR-US: Octopus Deploy
CVE-2019-14267 (PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because ...)
- - pdfresurrect 0.16-1
+ - pdfresurrect 0.16-1 (unimportant)
NOTE: https://github.com/enferex/pdfresurrect/commit/4ea7a6f4f51d0440da651d099247e2273f811dbc
+ NOTE: Crash in CLI tool, negligible security impact, hardening build
CVE-2019-14266 (OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Confi ...)
NOT-FOR-US: OpenSNS
CVE-2019-14265
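Review bot: The added NOTE line under CVE-2019-14267 records only the "Crash in CLI tool" rationale, while the commit message also calls this borderline to no-dsa because pdfresurrect might be used within a service with untrusted input. Consider putting that caveat in the NOTE as well, and saying that the (unimportant) rating relies on the hardening flags reducing the overflow to a crash, so that a reader of data/CVE/list who does not have the commit log can see the condition under which the classification holds.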
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a67297ba9b26c370ed4f6716beac0eed72dfbdac