[Git][security-tracker-team/security-tracker][master] 2 commits: Mark two more poppler issues as no-dsa
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 14 20:04:32 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e799d271 by Salvatore Bonaccorso at 2025-04-14T21:03:45+02:00
Mark two more poppler issues as no-dsa
- - - - -
cb9bf867 by Salvatore Bonaccorso at 2025-04-14T21:04:15+02:00
Remove poppler from dsa-needed list
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2233,11 +2233,13 @@ CVE-2025-32366 (In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy len
- connman <unfixed> (bug #1102193)
CVE-2025-32365 (Poppler before 25.04.0 allows crafted input files to trigger out-of-bo ...)
- poppler 25.03.0-3 (bug #1102191)
+ [bookworm] - poppler <no-dsa> (Minor issue; can be fixed in point release)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/1f151565bbca5be7449ba8eea6833051cc1baa41 (poppler-25.04.0))
CVE-2025-32364 (A floating-point exception in the PSStack::roll function of Poppler be ...)
- poppler 25.03.0-3 (bug #1102190)
+ [bookworm] - poppler <no-dsa> (Minor issue; can be fixed in point release)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3 (poppler-25.04.0)
CVE-2025-32360 (In Zammad 6.4.x before 6.4.2, there is information exposure. Only agen ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -44,8 +44,6 @@ opennds
--
pagure
--
-poppler (carnil)
---
php-laravel-framework
--
python-django
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0576006ba3f8e0f8e1634dde288a5cce9a915315...cb9bf867a19b429c287d3bf6d740eb58a68598d0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0576006ba3f8e0f8e1634dde288a5cce9a915315...cb9bf867a19b429c287d3bf6d740eb58a68598d0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250414/07f50725/attachment.htm>
More information about the debian-security-tracker-commits
mailing list