[Git][security-tracker-team/security-tracker][master] Reserve DLA-3620-1 for poppler

Adrian Bunk (@bunk) bunk at debian.org
Mon Oct 16 12:33:47 BST 2023



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8fce1e5 by Adrian Bunk at 2023-10-16T14:33:29+03:00
Reserve DLA-3620-1 for poppler

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -84991,13 +84991,11 @@ CVE-2022-37052 (A reachable Object::getString assertion in Poppler 22.07.0 allow
 CVE-2022-37051 (An issue was discovered in Poppler 22.07.0. There is a reachable abort ...)
 	- poppler 22.08.0-2
 	[bullseye] - poppler <no-dsa> (Minor issue)
-	[buster] - poppler <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276
 	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b (poppler-22.08.0)
 CVE-2022-37050 (In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers t ...)
 	- poppler 22.08.0-2
 	[bullseye] - poppler <no-dsa> (Minor issue)
-	[buster] - poppler <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274
 	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990 (poppler-22.08.0)
 CVE-2022-37049 (The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a  ...)
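
Review bot: after the two `[buster] - poppler <no-dsa> (Minor issue)` lines are dropped for CVE-2022-37051 and CVE-2022-37050, the `[bullseye] - poppler <no-dsa> (Minor issue)` lines remain in both entries, so the older release ends up fixed while the newer one stays unfixed. A user upgrading from buster to bullseye would lose these two fixes. Consider following up on the bullseye side, for example by proposing the same fixes for a point release, and recording that in a NOTE under each entry.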


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Oct 2023] DLA-3620-1 poppler - security update
+	{CVE-2020-23804 CVE-2022-37050 CVE-2022-37051}
+	[buster] - poppler 0.71.0-5+deb10u3
 [14 Oct 2023] DLA-3619-1 batik - security update
 	{CVE-2020-11987 CVE-2022-38398 CVE-2022-38648 CVE-2022-40146 CVE-2022-44729 CVE-2022-44730}
 	[buster] - batik 1.10-2+deb10u3
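
Review bot: the brace list on the second added line names CVE-2020-23804 alongside CVE-2022-37050 and CVE-2022-37051, but only the latter two have a matching change in the data/CVE/list hunk. Please confirm that the CVE-2020-23804 entry carries no `[buster]` triage line (`<no-dsa>`, `<postponed>` or similar) that would now contradict the `[buster] - poppler 0.71.0-5+deb10u3` fixed version recorded here, and remove it in this commit if it does.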


=====================================
data/dla-needed.txt
=====================================
@@ -173,12 +173,6 @@ osslsigncode
 phppgadmin (Abhijith PA)
   NOTE: 20230925: Added by Front-Desk (apo)
 --
-poppler (Adrian Bunk)
-  NOTE: 20230908: Added by Front-Desk (lamby)
-  NOTE: 20230908: Added due to CVE-2020-23804. However, please check CVE-2020-18839
-  NOTE: 20230908: as I suspect this is a duplicate of CVE-2020-27778 (which has already
-  NOTE: 20230908: been fixed). (lamby)
---
 python-django
   NOTE: 20231006: Added by Front-Desk (Beuc)
   NOTE: 20231006: Fix the 4 no-dsa issues that are fixed in all other dists (Beuc/front-desk)
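
Review bot: the removed poppler entry carried an open question, "please check CVE-2020-18839 as I suspect this is a duplicate of CVE-2020-27778", and nothing in the visible changes records the answer. CVE-2020-18839 is not in the DLA-3620-1 brace list, so once this note is deleted the result of that check is lost. Suggest adding a NOTE to the CVE-2020-18839 entry in data/CVE/list stating whether it was confirmed as a duplicate or found not to affect buster.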



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8fce1e5936c629855121cde23744893645f5a9d
