[Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-35702/poppler

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aea4bf28 by Salvatore Bonaccorso at 2020-12-25T14:37:48+01:00
Update information for CVE-2020-35702/poppler

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,10 +11,10 @@ CVE-2020-35704 (Daybyday 2.1.0 allows stored XSS via the Title parameter to the
 CVE-2020-35703
 	RESERVED
 CVE-2020-35702 (DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-base ...)
-	- poppler <undetermined>
+	- poppler <not-affected> (Vulnerable code introduced later)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011
-	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/ae614bf8ab42c9d0c7ac57ecdfdcbcfc4ff6c639
-	TODO: check
+	NOTE: Introduced by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1c3ded779582aef5f2cbaf29bc5da7a8eae6f69
+	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/ae614bf8ab42c9d0c7ac57ecdfdcbcfc4ff6c639
 CVE-2020-35701
 	RESERVED
 CVE-2020-35700



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aea4bf288ce1aa8ea9293b6052ebb743aa861c5f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aea4bf288ce1aa8ea9293b6052ebb743aa861c5f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201225/2bb92ec3/attachment.html>