[Git][security-tracker-team/security-tracker][master] 2 commits: Drop no-dsa tags for poppler issues to be fixed in stretch

Emilio Pozuelo Monfort pochu at debian.org
Thu Jul 23 11:12:37 BST 2020



Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6e9c422 by Emilio Pozuelo Monfort at 2020-07-23T11:52:13+02:00
Drop no-dsa tags for poppler issues to be fixed in stretch

- - - - -
14ec1a28 by Emilio Pozuelo Monfort at 2020-07-23T12:12:08+02:00
Reserve DLA-2287-1 for poppler

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -67274,7 +67274,6 @@ CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL point
 CVE-2019-10872 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
 	{DLA-1815-1}
 	- poppler 0.71.0-5 (low; bug #926530)
-	[stretch] - poppler <postponed> (Revisit when fixed upstream)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/750
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6a1580e84f492b5671d23be98192267bb73de250
 CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
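Review bot: The line removed under CVE-2019-10872 is a `<postponed>` tag with the reason "Revisit when fixed upstream", not a `<no-dsa>` tag as the commit subject says. The entry's NOTE lines already link an upstream commit, so dropping the tag is consistent with its stated reason, but the subject could read "Drop no-dsa/postponed tags" so that a log search for the postponed state also finds this change.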
@@ -87953,7 +87952,6 @@ CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shr
 CVE-2018-20481 (XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRe ...)
 	{DLA-1706-1}
 	- poppler 0.71.0-4 (low; bug #917325)
-	[stretch] - poppler <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/692
 	NOTE: Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/39a251b1b3a3343400a08e2f03c5518a26624626
@@ -105764,7 +105762,6 @@ CVE-2018-16647 (In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/
 CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may caus ...)
 	{DLA-1562-3 DLA-1562-2 DLA-1562-1}
 	- poppler 0.71.0-4 (low; bug #909802)
-	[stretch] - poppler <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/91
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/3d35d209c19c1d3b09b794a0c863ba5de44a9c0a
@@ -120960,7 +120957,6 @@ CVE-2017-18267 (The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppl
 	{DLA-1562-1}
 	[experimental] - poppler 0.65.0-1
 	- poppler 0.69.0-2 (bug #898357)
-	[stretch] - poppler <no-dsa> (Minor issue)
 	[wheezy] - poppler <ignored> (Minor issue)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=104942
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103238


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[23 Jul 2020] DLA-2287-1 poppler - security update
+	{CVE-2017-18267 CVE-2018-16646 CVE-2018-20481 CVE-2018-21009 CVE-2019-9200 CVE-2019-9631 CVE-2019-10872 CVE-2019-12293}
+	[stretch] - poppler 0.48.0-2+deb9u3
 [22 Jul 2020] DLA-2286-1 tomcat8 - security update
 	{CVE-2020-13934 CVE-2020-13935}
 	[stretch] - tomcat8 8.5.54-0+deb9u3
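Review bot: The CVE set on the new DLA-2287-1 entry names eight CVEs, but the data/CVE/list hunks in this compare touch only four of them (CVE-2017-18267, CVE-2018-16646, CVE-2018-20481, CVE-2019-10872). Please confirm that the entries for CVE-2018-21009, CVE-2019-9200, CVE-2019-9631 and CVE-2019-12293 carry no leftover stretch tag that would contradict the 0.48.0-2+deb9u3 fix recorded here.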


=====================================
data/dla-needed.txt
=====================================
@@ -116,9 +116,6 @@ opendmarc
 pillow
   NOTE: 20200711: Appears vulnerable to at least CVE-2020-10177, but not CVE-2020-10378. (lamby)
 --
-poppler (Emilio)
-  NOTE: 20200720: wip (Emilio)
---
 puma
   NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2c8a2248de68743aa9dd09c99f7726f26174bf58...14ec1a28f3f1fdc8011b935f4b55ae4b6181da57
