[Git][security-tracker-team/security-tracker][master] "new" pikepdf issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5352b6ae by Moritz Muehlenhoff at 2022-11-10T16:53:02+01:00
"new" pikepdf issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6447,7 +6447,8 @@ CVE-2022-3662 (A vulnerability was found in Axiomatic Bento4. It has been declar
 CVE-2021-46850 (myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel befor ...)
 	NOT-FOR-US: myVesta Control Panel
 CVE-2021-46849 (pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata pa ...)
-	TODO: check
+	- pikepdf 3.2.0+dfsg-1
+	NOTE: https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100
 CVE-2021-46848 (GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check ...)
 	- libtasn1-6 4.19.0-2
 	[bullseye] - libtasn1-6 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5352b6ae45659b34d616c9cabea83216dd755536

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5352b6ae45659b34d616c9cabea83216dd755536
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221110/d08ad68a/attachment.htm>