[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-20662,poppler: Link to correct fixing commit.
Markus Koschany
apo at debian.org
Thu Mar 7 22:46:50 GMT 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b12426e0 by Markus Koschany at 2019-03-07T22:46:35Z
CVE-2018-20662,poppler: Link to correct fixing commit.
- - - - -
d5a51772 by Markus Koschany at 2019-03-07T22:46:35Z
Remove no-dsa tags from poppler/Jessie.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5390,7 +5390,6 @@ CVE-2019-7311
CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an integer ...)
- poppler <unfixed> (bug #921215)
[stretch] - poppler <ignored> (Minor issue)
- [jessie] - poppler <ignored> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/717
NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/172
@@ -13793,9 +13792,7 @@ CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers t
[stretch] - poppler <no-dsa> (Minor issue)
[jessie] - poppler <postponed> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
- NOTE: Initial approach of fixing the issue via
- NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f
- NOTE: causes regressions on some files and was reverted upstream.
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9
CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because Directory ...)
NOT-FOR-US: OpenRefine
CVE-2019-3579
@@ -14732,7 +14729,6 @@ CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shr
CVE-2018-20481 (XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef ...)
- poppler <unfixed> (low; bug #917325)
[stretch] - poppler <no-dsa> (Minor issue)
- [jessie] - poppler <postponed> (can be fixed later when patch was officially accepted)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/692
NOTE: Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143
CVE-2018-20480 (An issue was discovered in S-CMS 1.0. It allows SQL Injection via the ...)
@@ -25528,7 +25524,6 @@ CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bou
CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort ...)
- poppler <unfixed> (low; bug #913177)
[stretch] - poppler <ignored> (Minor issue)
- [jessie] - poppler <ignored> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d
CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/750fa14f6bdee714f15d34837cf37c8de02ca4b6...d5a517722172dcf2d2442fc283df4992897f02e6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/750fa14f6bdee714f15d34837cf37c8de02ca4b6...d5a517722172dcf2d2442fc283df4992897f02e6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190307/ea5937f4/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list