[Git][security-tracker-team/security-tracker][master] add xpdf/poppler clarification

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Aug 31 12:52:57 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37e036fc by Moritz Muehlenhoff at 2022-08-31T13:52:26+02:00
add xpdf/poppler clarification

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -706,6 +706,8 @@ CVE-2022-38785
 CVE-2022-38784 (Poppler prior to and including 22.08.0 contains an integer overflow in ...)
 	- poppler <unfixed>
 	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52
+	NOTE: This is CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 in xpdf
+	NOTE: https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6
 CVE-2022-38783
 	RESERVED
 CVE-2022-38782
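Review bot: The second added NOTE under CVE-2022-38784 is a bare gist URL with no indication of what it documents. A short label on that line, saying what the gist contains, would let a reader of the entry weigh the cross-reference to CVE-2021-30860 and CVE-2022-38171 without following the link.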
@@ -2605,7 +2607,9 @@ CVE-2022-38173
 CVE-2022-38172 (ServiceNow through San Diego Patch 3 allows XSS via the name field dur ...)
 	NOT-FOR-US: ServiceNow
 CVE-2022-38171 (Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 d ...)
-	TODO: check, https://bugzilla.redhat.com/show_bug.cgi?id=2120439, might be N/A for us as using poppler
+	NOT-FOR-US: xpdf (relevant issue for Poppler tracked as CVE-2022-38784)
+	NOTE: This is CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 in xpdf
+	NOTE: https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6
 CVE-2022-2794
 	RESERVED
 CVE-2022-2793 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
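Review bot: The added NOTE under CVE-2022-38171 repeats "and CVE-2022-38171 in xpdf" on the entry for that very CVE; the line is identical to the one added under CVE-2022-38784. Here it would read better as a reference to CVE-2021-30860 in Apple CoreGraphics only, since the NOT-FOR-US line already points to CVE-2022-38784 for Poppler. The removed TODO line also carried the Red Hat Bugzilla link (id=2120439), which the entry no longer records; keep it as a NOTE if it is still a useful reference.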


=====================================
data/dsa-needed.txt
=====================================
@@ -35,6 +35,8 @@ php-horde-mime-viewer
 --
 php-horde-turba
 --
+poppler
+--
 rails
 --
 rpki-client
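Review bot: The poppler entry added to data/dsa-needed.txt is not mentioned in the commit message, which only says "add xpdf/poppler clarification". Queuing a package for a DSA is a different kind of change from annotating the CVE list, so it deserves either a mention in the commit message or its own commit. The placement between php-horde-turba and rails keeps the list in alphabetical order.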



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37e036fc2adbb6251b8b24c763b70ae0f31edb2d


More information about the debian-security-tracker-commits mailing list