[Git][security-tracker-team/security-tracker][master] Add CVE-2025-3236{4,5}/poppler
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Apr 6 09:47:53 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23f3dba2 by Salvatore Bonaccorso at 2025-04-06T10:47:08+02:00
Add CVE-2025-3236{4,5}/poppler
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,9 +27,14 @@ CVE-2025-32369 (Kentico Xperience before 13.0.181 allows authenticated users to
CVE-2025-32366 (In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length th ...)
TODO: check
CVE-2025-32365 (Poppler before 25.04.0 allows crafted input files to trigger out-of-bo ...)
- TODO: check
+ - poppler <unfixed>
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792
+ NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/1f151565bbca5be7449ba8eea6833051cc1baa41 (poppler-25.04.0))
CVE-2025-32364 (A floating-point exception in the PSStack::roll function of Poppler be ...)
- TODO: check
+ - poppler <unfixed>
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574
+ NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3 (poppler-25.04.0)
CVE-2025-32360 (In Zammad 6.4.x before 6.4.2, there is information exposure. Only agen ...)
- zammad <itp> (bug #841355)
CVE-2025-32359 (In Zammad 6.4.x before 6.4.2, there is client-side enforcement of serv ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23f3dba201b93486a3f40373622a4ee3043d82e3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23f3dba201b93486a3f40373622a4ee3043d82e3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250406/346cb3d3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list