[Git][security-tracker-team/security-tracker][master] 2 commits: Remove no-dsa tags for upcoming security update of poppler.

Markus Koschany (@apo) apo at debian.org
Sun Sep 25 23:14:44 BST 2022 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96fe1f44 by Markus Koschany at 2022-09-26T00:12:08+02:00
Remove no-dsa tags for upcoming security update of poppler.

- - - - -
ca01099d by Markus Koschany at 2022-09-26T00:14:33+02:00
Reserve DLA-3120-1 for poppler

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -38160,7 +38160,6 @@ CVE-2022-27338
 CVE-2022-27337 (A logic error in the Hints::Hints function of Poppler v22.03.0 allows  ...)
 	{DSA-5224-1}
 	- poppler 22.08.0-2 (bug #1010695)
-	[buster] - poppler <no-dsa> (Minor issue)
 	[stretch] - poppler <postponed> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/81044c64b9ed9a10ae82a28bac753060bdfdac74 (poppler-22.04.0)
@@ -138532,7 +138531,6 @@ CVE-2020-27779 (A flaw was found in grub2 in versions prior to 2.06. The cutmem
 	[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
 CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were converte ...)
 	- poppler 0.85.0-2
-	[buster] - poppler <postponed> (Minor issue)
 	[stretch] - poppler <postponed> (Minor issue; maybe worth fixing later)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/742
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/30c731b487190c02afff3f036736a392eb60cd9a (poppler-0.76.0)
@@ -223240,7 +223238,6 @@ CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a di
 	{DLA-2440-1}
 	[experimental] - poppler 0.81.0-1
 	- poppler 0.85.0-2 (bug #933812)
-	[buster] - poppler <ignored> (Minor issue)
 	[jessie] - poppler <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/802
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317
@@ -237600,7 +237597,6 @@ CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier doesn'
 	{DLA-2440-1 DLA-1963-1}
 	[experimental] - poppler 0.81.0-1
 	- poppler 0.85.0-2 (low; bug #941776)
-	[buster] - poppler <ignored> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/805
 	NOTE: Patch: https://gitlab.freedesktop.org/poppler/poppler/commit/68ef84e5968a4249c2162b839ca6d7975048a557 (poppler-0.79.0)
 	NOTE: Reproducer: https://gitlab.freedesktop.org/poppler/poppler/uploads/3f22837ebd503f87e730b51221b89742/raiter_issue5465.pdf
@@ -237790,7 +237786,6 @@ CVE-2019-9904 (An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphv
 CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict mark ...)
 	[experimental] - poppler 0.81.0-1
 	- poppler 0.85.0-2 (low; bug #925264)
-	[buster] - poppler <ignored> (Minor issue)
 	[stretch] - poppler <ignored> (Minor issue)
 	[jessie] - poppler <not-affected> (Vulnerable code not present)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/741
@@ -255186,7 +255181,6 @@ CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allow
 	{DLA-2440-1 DLA-1939-1}
 	[experimental] - poppler 0.81.0-1
 	- poppler 0.85.0-2 (low; bug #917974)
-	[buster] - poppler <ignored> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/704
 CVE-2018-20649
@@ -267313,7 +267307,6 @@ CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable
 	{DLA-2440-1 DLA-1706-1}
 	[experimental] - poppler 0.81.0-1
 	- poppler 0.85.0-2 (low; bug #913177)
-	[buster] - poppler <ignored> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d
 CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG ele ...)
@@ -267692,7 +267685,6 @@ CVE-2018-18898 (The email-ingestion feature in Best Practical Request Tracker 4.
 CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory leak in G ...)
 	[experimental] - poppler 0.81.0-1
 	- poppler 0.85.0-2 (low; bug #913164)
-	[buster] - poppler <ignored> (Negligible security impact)
 	[stretch] - poppler <ignored> (Negligible security impact)
 	[jessie] - poppler <ignored> (Negligible security impact; memory leak)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Sep 2022] DLA-3120-1 poppler - security update
+	{CVE-2018-18897 CVE-2018-19058 CVE-2018-20650 CVE-2019-9903 CVE-2019-9959 CVE-2019-14494 CVE-2020-27778 CVE-2022-27337 CVE-2022-38784}
+	[buster] - poppler 0.71.0-5+deb10u1
 [25 Sep 2022] DLA-3119-1 expat - security update
 	{CVE-2022-40674}
 	[buster] - expat 2.2.6-2+deb10u5


=====================================
data/dla-needed.txt
=====================================
@@ -125,10 +125,6 @@ pluxml
   NOTE: 20220913: Programming language: PHP.
   NOTE: 20220913: Special attention: orphaned package.
 --
-poppler (Markus Koschany)
-  NOTE: 20220904: Programming language: C.
-  NOTE: 20220922: Release is pending. (apo)
---
 python-django
   NOTE: 20220911: Programming language: Python
   NOTE: 20220911: There are many minors issues that should be done in a point release. No further point releases for buster.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a719ee832d4c8dd14e466384493f911133e26b11...ca01099d2b1d0d54b1d4abc87a484a3fa96361fc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a719ee832d4c8dd14e466384493f911133e26b11...ca01099d2b1d0d54b1d4abc87a484a3fa96361fc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220925/1e750d52/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list