[Git][security-tracker-team/security-tracker][master] Track several poppler issues fixed in unstable

Salvatore Bonaccorso carnil at debian.org
Thu Sep 3 20:50:34 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd9a9a30 by Salvatore Bonaccorso at 2020-09-03T21:49:42+02:00
Track several poppler issues fixed in unstable

Those were fixed earlier in experimental already and moved to unstable
with the 0.85.0-2 upload. Keep the former experimental information just
for information.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75040,7 +75040,7 @@ CVE-2019-14495 (webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in
 	- 3proxy <itp> (bug #718219)
 CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a divide-b ...)
 	[experimental] - poppler 0.81.0-1
-	- poppler <unfixed> (bug #933812)
+	- poppler 0.85.0-2 (bug #933812)
 	[buster] - poppler <ignored> (Minor issue)
 	[stretch] - poppler <ignored> (Minor issue)
 	[jessie] - poppler <no-dsa> (Minor issue)
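Review bot: the new unstable line for CVE-2019-14494 reads "- poppler 0.85.0-2 (bug #933812)" with no urgency, whereas the other seven poppler entries touched in this commit carry "low". Since buster and stretch are marked <ignored> (Minor issue) here, consider writing "(low; bug #933812)" for consistency, or leave it unset if that is deliberate.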
@@ -86420,7 +86420,7 @@ CVE-2019-11027 (Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely explo
 	NOTE: https://github.com/openid/ruby-openid/commit/f526132c6cb5d9195351c16ed36dced4ca3db496
 CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infini ...)
 	[experimental] - poppler 0.81.0-1
-	- poppler <unfixed> (low; bug #926721)
+	- poppler 0.85.0-2 (low; bug #926721)
 	[buster] - poppler <ignored> (Minor issue)
 	[stretch] - poppler <ignored> (Minor issue)
 	[jessie] - poppler <ignored> (Minor issue)
@@ -86874,7 +86874,7 @@ CVE-2019-10872 (An issue was discovered in Poppler 0.74.0. There is a heap-based
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6a1580e84f492b5671d23be98192267bb73de250
 CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
 	[experimental] - poppler 0.81.0-1
-	- poppler <unfixed> (low; bug #926529)
+	- poppler 0.85.0-2 (low; bug #926529)
 	[buster] - poppler <postponed> (Revisit when fixed upstream)
 	[stretch] - poppler <postponed> (Revisit when fixed upstream)
 	[jessie] - poppler <postponed> (Revisit when fixed upstream)
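Review bot: in the CVE-2019-10871 entry the buster, stretch and jessie lines still read <postponed> (Revisit when fixed upstream), but this hunk now records a fixed version, 0.85.0-2, for unstable, so the stated condition for revisiting appears to be met. Suggest re-triaging those three lines in a follow-up so the "Revisit" note does not go stale.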
@@ -89369,7 +89369,7 @@ CVE-2019-9960 (The downloadZip function in application/controllers/admin/export.
 CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier doesn't che ...)
 	{DLA-1963-1}
 	[experimental] - poppler 0.81.0-1
-	- poppler <unfixed> (low; bug #941776)
+	- poppler 0.85.0-2 (low; bug #941776)
 	[buster] - poppler <ignored> (Minor issue)
 	[stretch] - poppler <ignored> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/805
@@ -89558,7 +89558,7 @@ CVE-2019-9904 (An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphv
 	NOTE: https://gitlab.com/graphviz/graphviz/issues/1512
 CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict mark ...)
 	[experimental] - poppler 0.81.0-1
-	- poppler <unfixed> (low; bug #925264)
+	- poppler 0.85.0-2 (low; bug #925264)
 	[buster] - poppler <ignored> (Minor issue)
 	[stretch] - poppler <ignored> (Minor issue)
 	[jessie] - poppler <not-affected> (Vulnerable code not present)
@@ -106878,7 +106878,7 @@ CVE-2018-20651 (A NULL pointer dereference was discovered in elf_link_add_object
 CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allows atta ...)
 	{DLA-1939-1}
 	[experimental] - poppler 0.81.0-1
-	- poppler <unfixed> (low; bug #917974)
+	- poppler 0.85.0-2 (low; bug #917974)
 	[buster] - poppler <ignored> (Minor issue)
 	[stretch] - poppler <ignored> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
@@ -118992,7 +118992,7 @@ CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bou
 CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort  ...)
 	{DLA-1706-1}
 	[experimental] - poppler 0.81.0-1
-	- poppler <unfixed> (low; bug #913177)
+	- poppler 0.85.0-2 (low; bug #913177)
 	[buster] - poppler <ignored> (Minor issue)
 	[stretch] - poppler <ignored> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659
@@ -119372,7 +119372,7 @@ CVE-2018-18898 (The email-ingestion feature in Best Practical Request Tracker 4.
 	NOTE: https://github.com/bestpractical/email-address-list/commit/31bd4dc2dfb26fd6a17e4436df3d3c8904856f30
 CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory leak in G ...)
 	[experimental] - poppler 0.81.0-1
-	- poppler <unfixed> (low; bug #913164)
+	- poppler 0.85.0-2 (low; bug #913164)
 	[buster] - poppler <ignored> (Negligible security impact)
 	[stretch] - poppler <ignored> (Negligible security impact)
 	[jessie] - poppler <ignored> (Negligible security impact; memory leak)
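Review bot: for CVE-2018-18897 the unstable line keeps urgency "low" while all three release lines are <ignored> with "Negligible security impact" (a memory leak, per the jessie note). If that assessment also holds for unstable, the "unimportant" urgency would state it more directly than "low"; otherwise no change is needed.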



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd9a9a3064f067cdefc20bcf4c6d37eef35f4b4a
