[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-10871/poppler: reference upstream fix, unset jessie postposned

Sat Oct 5 13:27:53 BST 2019


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1c6bd84 by Sylvain Beucler at 2019-10-05T12:27:30Z
CVE-2019-10871/poppler: reference upstream fix, unset jessie postposned

- - - - -
26a2d714 by Sylvain Beucler at 2019-10-05T12:27:30Z
dla: add poppler

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18819,8 +18819,9 @@ CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based
 	- poppler <unfixed> (low; bug #926529)
 	[buster] - poppler <postponed> (Revisit when fixed upstream)
 	[stretch] - poppler <postponed> (Revisit when fixed upstream)
-	[jessie] - poppler <postponed> (Revisit when fixed upstream)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/751
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/266 (rejected in favor of always enabling SPLASH_CMYK)
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/341 (always enable SPLASH_CMYK)
 CVE-2019-10870
 	RESERVED
 CVE-2019-10869 (Path Traversal and Unrestricted File Upload exists in the Ninja Forms  ...)


=====================================
data/dla-needed.txt
=====================================
@@ -120,6 +120,8 @@ pam-python
 --
 polarssl
 --
+poppler
+--
 radare2
   NOTE: 20190816: Affected by CVE-2019-14745. Vulnerable code is in
   NOTE: libr/core/bin.c. Many no-dsa issues in Jessie and Stretch.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c7a4e4c8882be87d900acc34da75b255094c0898...26a2d71408f228d63d04446d4c60ae6fb889957d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c7a4e4c8882be87d900acc34da75b255094c0898...26a2d71408f228d63d04446d4c60ae6fb889957d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191005/e174877e/attachment-0001.html>
