[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-20662,poppler: Remove no-dsa tag for Jessie.

Fri Mar 8 17:54:05 GMT 2019

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34860bd6 by Markus Koschany at 2019-03-08T17:52:40Z
CVE-2018-20662,poppler: Remove no-dsa tag for Jessie.

- - - - -
6d4954f0 by Markus Koschany at 2019-03-08T17:53:55Z
Reserve DLA-1706-1 for poppler

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -13860,7 +13860,6 @@ CVE-2018-20663 (The Reporting Addon (aka Reports Addon) through 2019-01-02 for C
 CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause ...)
 	- poppler <unfixed> (low; bug #918158)
 	[stretch] - poppler <no-dsa> (Minor issue)
-	[jessie] - poppler <postponed> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9
 CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because Directory ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Mar 2019] DLA-1706-1 poppler - security update
+	{CVE-2018-19058 CVE-2018-20481 CVE-2018-20662 CVE-2019-7310 CVE-2019-9200}
+	[jessie] - poppler 0.26.5-2+deb8u8
 [05 Mar 2019] DLA-1705-1 sox - security update
 	{CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15371}
 	[jessie] - sox 14.4.1-5+deb8u3


=====================================
data/dla-needed.txt
=====================================
@@ -77,8 +77,6 @@ php5 (Thorsten Alteholz)
 polarssl
   NOTE: 20121207: Not 100% sure if vulnerable. Upstream would prefer us to move to latest version, etc. (!). (lamby)
 --
-poppler (Markus Koschany)
---
 qemu
   NOTE: CVE-2018-19665: wait for final patch
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d8e26a879e728f668a2a02a68622fc34f36207b7...6d4954f0145de1c0322ef791acbe74024221e862

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d8e26a879e728f668a2a02a68622fc34f36207b7...6d4954f0145de1c0322ef791acbe74024221e862
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190308/95dfcb75/attachment-0001.html>
