[Git][security-tracker-team/security-tracker][master] Update information for CVE-2019-12360
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 6 09:46:46 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4cd3254b by Salvatore Bonaccorso at 2019-06-06T08:40:05Z
Update information for CVE-2019-12360
Newer versions of xpdf do not include the file anymore and xpdf in
Debian uses anyway poppler. Poppler fixed the issue apparently silently
in the 0.32.0 release.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -850,9 +850,13 @@ CVE-2019-12362 (EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/
CVE-2019-12361 (EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.ph ...)
NOT-FOR-US: EmpireCMS
CVE-2019-12360 (A stack-based buffer over-read exists in FoFiTrueType::dumpString in f ...)
- - xpdf <unfixed>
+ - xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
+ - poppler 0.38.0-2
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801
- TODO: check
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/cdb7ad95f7c8fbf63ade040d8a07ec96467042fc (poppler-0.32.0)
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/bf4aae25a244b1033a2479b9a8f633224f7d5de5 (poppler-0.32.0)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=85243
+ NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1136620
CVE-2019-12359
RESERVED
CVE-2019-12358
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4cd3254b8e6b8d4f710a8a9912b80bcf4fd86739
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4cd3254b8e6b8d4f710a8a9912b80bcf4fd86739
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190606/404c4a49/attachment.html>
More information about the debian-security-tracker-commits
mailing list