[Git][security-tracker-team/security-tracker][master] 2 commits: Reference working commits for CVE-2017-9776

Salvatore Bonaccorso carnil at debian.org
Tue Sep 17 21:28:47 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
97f00ff4 by Salvatore Bonaccorso at 2019-09-17T20:28:29Z
Reference working commits for CVE-2017-9776

Previously
https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc
was referenced but is now an invalid commit for the cgit faced instance.
The change is covered by the two commits

https://gitlab.freedesktop.org/poppler/poppler/commit/55db66c69fd56826b8523710046deab1a8d14ba2
https://gitlab.freedesktop.org/poppler/poppler/commit/22c4701d5f7be0010ee4519daa546fba5ab7ac13

- - - - -
be777d8a by Salvatore Bonaccorso at 2019-09-17T20:28:30Z
Update status for jessie and stretch for CVE-2019-14288 and CVE-2019-14289

Both might be considered duplicates for CVE-2017-9776 or really meant to
be associated only for src:xpdf (in the latter case then the source package
xpdf just marked affected but unimportant as the poppler library is
used from the system).

For now, until clarified what to do with CVE-2019-14288 and
CVE-2019-14289 track the fix for src:poppler for every suite which had
the fix.

Note for stretch we mark it with the version from DSA-4079-2 as the
patch in DSA-4079-1 was broken and required a followup update.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6554,10 +6554,14 @@ CVE-2019-14290 (An issue was discovered in Xpdf 4.01.01. There is an out of boun
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/44cd46a6e04a87bd702dab4a662042f69f16c4ad
 CVE-2019-14289 (An issue was discovered in Xpdf 4.01.01. There is an integer overflow  ...)
 	- poppler 0.57.0-2
+	[stretch] - poppler 0.48.0-2+deb9u1
+	[jessie] - poppler 0.26.5-2+deb8u4
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/55db66c69fd56826b8523710046deab1a8d14ba2
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/22c4701d5f7be0010ee4519daa546fba5ab7ac13
 CVE-2019-14288 (An issue was discovered in Xpdf 4.01.01. There is an Integer overflow  ...)
 	- poppler 0.57.0-2
+	[stretch] - poppler 0.48.0-2+deb9u1
+	[jessie] - poppler 0.26.5-2+deb8u4
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/55db66c69fd56826b8523710046deab1a8d14ba2
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/22c4701d5f7be0010ee4519daa546fba5ab7ac13
 CVE-2019-14287
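Review bot: the new [stretch] and [jessie] lines under CVE-2019-14289 and CVE-2019-14288 record fixed versions with no NOTE saying the tracking is provisional. The commit message explains that both ids may be duplicates of CVE-2017-9776 or may apply only to src:xpdf, and that the stretch version 0.48.0-2+deb9u1 is the one from DSA-4079-2 because the DSA-4079-1 patch was broken, but none of that is visible in data/CVE/list. Consider adding a NOTE line under each entry that names the possible duplicate relationship with CVE-2017-9776, so the reasoning survives for readers who only see the tracker data.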
@@ -123164,7 +123168,8 @@ CVE-2017-9776 (Integer overflow leading to Heap buffer overflow in JBIG2Stream.c
 	{DSA-4079-2 DSA-4079-1 DLA-1074-1}
 	- poppler 0.57.0-2 (bug #865679)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101541
-	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/55db66c69fd56826b8523710046deab1a8d14ba2
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/22c4701d5f7be0010ee4519daa546fba5ab7ac13
 CVE-2017-9775 (Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0 ...)
 	{DSA-4079-1 DLA-1074-1}
 	- poppler 0.57.0-2 (bug #865680)
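Review bot: the two added NOTE lines for CVE-2017-9776 drop the "Fixed by:" prefix that the removed cgit line carried, so the entry no longer states that these URLs are the fixing commits or that both are needed to cover the change. Suggest keeping the prefix on each line ("NOTE: Fixed by: " followed by the gitlab.freedesktop.org URL), which also distinguishes them from the informational bug link in the NOTE above.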



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e762bffbed045b18a61a5f35be4dc0c8bab6a438...be777d8ae85bd09fd44e6d44386e800edff1ecf3
