[Git][security-tracker-team/security-tracker][master] xpdf triage

Moritz Muehlenhoff jmm at debian.org
Sun Mar 31 17:17:36 BST 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1212b8de by Moritz Muehlenhoff at 2019-03-31T16:17:02Z
xpdf triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1343,23 +1343,24 @@ CVE-2019-10028
 CVE-2019-10027 (PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field  ...)
 	NOT-FOR-US: PHPCMS
 CVE-2019-10026 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
-	TODO: check
+	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
 CVE-2019-10025 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
-	TODO: check
+	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
 CVE-2019-10024 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
-	TODO: check
+	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
 CVE-2019-10023 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
-	TODO: check
+	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
 CVE-2019-10022 (An issue was discovered in Xpdf 4.01.01. There is a NULL pointer deref ...)
-	TODO: check
+	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
 CVE-2019-10021 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
-	TODO: check
+	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
 CVE-2019-10020 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
-	TODO: check
+	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
 CVE-2019-10019 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
-	TODO: check
+	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
 CVE-2019-10018 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
-	TODO: check
+	- poppler <unfixed>
+	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 (PostScriptFunction::exec at Function.cc:1374-42___FPE PoC)
 CVE-2019-10017 (CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2019-10016 (GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1212b8de357834389f51f40e9674424231431f5b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1212b8de357834389f51f40e9674424231431f5b
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190331/a3ab2d44/attachment.html>

More information about the debian-security-tracker-commits mailing list