[Git][security-tracker-team/security-tracker][master] two xpdf issues specific to xpdf, not affecting poppler or fixed a long time ago

Moritz Muehlenhoff jmm at debian.org
Tue Sep 8 08:59:24 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b23fa749 by Moritz Muehlenhoff at 2020-09-08T09:58:39+02:00
two xpdf issues specific to xpdf, not affecting poppler or fixed a long time ago
bison fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -417,17 +417,15 @@ CVE-2020-25001
 CVE-2020-25000
 	RESERVED
 CVE-2020-24999 (There is an invalid memory access in the function fprintf located in E ...)
-	- xpdf <undetermined>
+	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029
-	TODO: check
 CVE-2020-24998
 	RESERVED
 CVE-2020-24997
 	RESERVED
 CVE-2020-24996 (There is an invalid memory access in the function TextString::~TextStr ...)
-	- xpdf <undetermined>
+	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028
-	TODO: check
 CVE-2020-24995
 	RESERVED
 CVE-2020-24994
@@ -459,12 +457,12 @@ CVE-2020-24982
 CVE-2020-24981 (An Incorrect Access Control vulnerability exists in /ucms/chk.php in U ...)
 	NOT-FOR-US: UCMS
 CVE-2020-24980 (An assertion failure was found in src/parse-gram.c in GNU bison 3.7.1. ...)
-	- bison <unfixed> (unimportant)
+	- bison 2:3.7.2+dfsg-1 (unimportant)
 	NOTE: https://github.com/akimd/bison/commit/b801b7b670872b8a31d11b3683b4afc3e45a07f8
 	NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg00009.html
 	NOTE: Crash in CLI tool, no security impact
 CVE-2020-24979 (A Buffer Overflow vulnerability was found in src/symtab.c in GNU bison ...)
-	- bison <unfixed> (unimportant)
+	- bison 2:3.7.2+dfsg-1 (unimportant)
 	NOTE: https://github.com/akimd/bison/commit/b7aab2dbad43aaf14eebe78d54aafa245a000988
 	NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg00008.html
 	NOTE: Crash in CLI tool, no security impact
@@ -2061,7 +2059,7 @@ CVE-2020-24241 (In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-fr
 	NOTE: https://github.com/netwide-assembler/nasm/commit/78df8828a0a5d8e2d8ff3dced562bf1778ce2e6c
 	NOTE: Crash in CLI tool, no security impact
 CVE-2020-24240 (GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/ob ...)
-	- bison <unfixed> (unimportant)
+	- bison 2:3.7.2+dfsg-1 (unimportant)
 	NOTE: https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d (v3.7.1)
 	NOTE: https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html
 	NOTE: Crash in CLI tool, no security impact



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23fa749854c88c6002346ffb521dac941b7bcc8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23fa749854c88c6002346ffb521dac941b7bcc8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200908/e3f9aef3/attachment.html>

More information about the debian-security-tracker-commits mailing list