[Git][security-tracker-team/security-tracker][master] new pypdf issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jul 3 22:16:11 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42a661cc by Moritz Muehlenhoff at 2023-07-03T23:15:47+02:00
new pypdf issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -224,9 +224,18 @@ CVE-2023-37299 (Joplin before 2.11.5 allows XSS via an AREA element of an image
 CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG document.)
 	NOT-FOR-US: Joplin
 CVE-2023-36810 (pypdf is a pure-python PDF library capable of splitting, merging, crop ...)
-	TODO: check
+	- pypdf2 1.27.9-1
+	[bullseye] - pypdf2 <no-dsa> (Minor issue)
+	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
+	NOTE: https://github.com/py-pdf/pypdf/issues/582
+	NOTE: https://github.com/py-pdf/pypdf/pull/808
 CVE-2023-36807 (pypdf is a pure-python PDF library capable of splitting, merging, crop ...)
-	TODO: check
+	- pypdf2 <unfixed>
+	[bookworm] - pypdf2 <no-dsa> (Minor issue)
+	[bullseye] - pypdf2 <no-dsa> (Minor issue)
+	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-hm9v-vj3r-r55m
+	NOTE: https://github.com/py-pdf/pypdf/issues/1329
+	NOTE: https://github.com/py-pdf/pypdf/pull/1331
 CVE-2023-36477 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
 CVE-2023-35178 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42a661cc24de08e9bedf16af7f42d8db976cb4e1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42a661cc24de08e9bedf16af7f42d8db976cb4e1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230703/18be3114/attachment.htm>

More information about the debian-security-tracker-commits mailing list