[Git][security-tracker-team/security-tracker][master] poppler fixed

Moritz Muehlenhoff jmm at debian.org
Thu May 23 21:56:05 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
358ec8e9 by Moritz Muehlenhoff at 2019-05-23T20:55:13Z
poppler fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3519,7 +3519,7 @@ CVE-2019-10875 (A URL spoofing vulnerability was found in all international vers
 CVE-2019-10874 (Cross Site Request Forgery (CSRF) in the bolt/upload File Upload featu ...)
 	NOT-FOR-US: Bolt CMS
 CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL pointer der ...)
-	- poppler <unfixed> (low; bug #926532)
+	- poppler 0.71.0-4 (low; bug #926532)
 	[stretch] - poppler <ignored> (Minor issue)
 	[jessie] - poppler <not-affected> (vulnerable code is not present)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/748
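
Review bot: the "+" line for CVE-2019-10873 records the fix as 0.71.0-4 while the description names Poppler 0.74.0, so the fix is presumably a patch backported into the Debian revision, yet the visible NOTE gives only the upstream issue (issues/748). Consider adding a NOTE with the upstream fix commit, as the CVE-2019-9631 and CVE-2019-9200 entries in this same commit have, so the backport can be checked against it.
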
@@ -7373,7 +7373,7 @@ CVE-2019-9632 (ESAFENET CDG V3 and V5 has an arbitrary file download vulnerabili
 	NOT-FOR-US: ESAFENET CDG
 CVE-2019-9631 (Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBo ...)
 	{DLA-1752-1}
-	- poppler <unfixed> (bug #926673)
+	- poppler 0.71.0-4 (bug #926673)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/736
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8122f6d6d409b53151a20c5578fc525ee97315e8
 CVE-2019-9630
@@ -8384,7 +8384,7 @@ CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151
 	NOT-FOR-US: Phoenix Contact ILC
 CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() locate ...)
 	{DLA-1706-1}
-	- poppler <unfixed> (bug #923414)
+	- poppler 0.71.0-4 (bug #923414)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/728
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/f4136a6353162db249f63ddb0f20611622ab61b4
 CVE-2019-9199 (PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoD ...)
@@ -13169,7 +13169,7 @@ CVE-2019-7311
 	RESERVED
 CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an integer si ...)
 	{DLA-1706-1}
-	- poppler <unfixed> (bug #921215)
+	- poppler 0.71.0-4 (bug #921215)
 	[stretch] - poppler <ignored> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/717
@@ -21877,7 +21877,7 @@ CVE-2018-20663 (The Reporting Addon (aka Reports Addon) through 2019-01-02 for C
 	NOT-FOR-US: Reporting Addon for CUBA Platform
 CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to caus ...)
 	{DLA-1706-1}
-	- poppler <unfixed> (low; bug #918158)
+	- poppler 0.71.0-4 (low; bug #918158)
 	[stretch] - poppler <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9
@@ -22102,8 +22102,8 @@ CVE-2018-20651 (A NULL pointer dereference was discovered in elf_link_add_object
 	NOTE: binutils not covered by security support
 CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allows atta ...)
 	- poppler <unfixed> (low; bug #917974)
-	[buster] - poppler <no-dsa> (Minor issue)
-	[stretch] - poppler <no-dsa> (Minor issue)
+	[buster] - poppler <ignored> (Minor issue)
+	[stretch] - poppler <ignored> (Minor issue)
 	[jessie] - poppler <postponed> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/704
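
Review bot: the unstable line "- poppler <unfixed> (low; bug #917974)" for CVE-2018-20650 stays as unchanged context even though every other poppler entry in this commit moves to 0.71.0-4 and this entry already has a NOTE pointing at an upstream commit (de0c0b83...). If 0.71.0-4 does not carry that commit, a short NOTE saying so would explain the gap. The change of [buster] and [stretch] from <no-dsa> to <ignored> is also a triage decision that the message "poppler fixed" does not describe; mention it in the commit message or make it a separate commit.
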
@@ -22547,7 +22547,7 @@ CVE-2018-1000892
 CVE-2018-1000891
 	RESERVED
 CVE-2018-20551 (A reachable Object::getString assertion in Poppler 0.72.0 allows attac ...)
-	- poppler <unfixed> (low; bug #917525)
+	- poppler 0.71.0-4 (low; bug #917525)
 	[stretch] - poppler <ignored> (Minor issue)
 	[jessie] - poppler <not-affected> (vulnerable code is not present)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/703
@@ -22831,7 +22831,7 @@ CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shr
 	NOTE: Fixed by https://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42c
 CVE-2018-20481 (XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRe ...)
 	{DLA-1706-1}
-	- poppler <unfixed> (low; bug #917325)
+	- poppler 0.71.0-4 (low; bug #917325)
 	[stretch] - poppler <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/692
 	NOTE: Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143
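
Review bot: the trailing NOTE for CVE-2018-20481 still reads "Proposed fix: .../merge_requests/143" while the "+" line now marks the issue fixed in 0.71.0-4. Update the NOTE to reference the change that was actually applied, or drop the word "Proposed", so the entry does not suggest the fix is still pending.
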
@@ -40209,7 +40209,7 @@ CVE-2018-16647 (In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/
 	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?351c99d8ce23bbf7099dbd52771a095f67e45a2c
 CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may caus ...)
 	{DLA-1562-3 DLA-1562-2 DLA-1562-1}
-	- poppler <unfixed> (low; bug #909802)
+	- poppler 0.71.0-4 (low; bug #909802)
 	[stretch] - poppler <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/91



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/358ec8e959e35ffef13441bc1989269f97b0dedb
