[Git][security-tracker-team/security-tracker][master] Add two new poppler issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 4 21:40:45 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b577bc21 by Salvatore Bonaccorso at 2025-08-04T22:39:09+02:00
Add two new poppler issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,9 +45,16 @@ CVE-2025-51534 (A cross-site scripting (XSS) vulnerability in Austrian Archaeolo
 CVE-2025-51390 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a com ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-50422 (An issue was discovered in freedesktop poppler v25.04.0. The heap memo ...)
-	TODO: check
+	- poppler <unfixed>
+	NOTE: https://github.com/Landw-hub/CVE-2025-50422
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1591
+	NOTE: https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/621
 CVE-2025-50420 (An issue in the pdfseparate utility of freedesktop poppler v25.04.0 al ...)
-	TODO: check
+	- poppler <unfixed>
+	NOTE: https://github.com/Landw-hub/CVE-2025-50420
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1613
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1849
+	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/08d7894e4dd0e313c179e30f06ad8f546619b1b3
 CVE-2025-50340 (An Insecure Direct Object Reference (IDOR) vulnerability was discovere ...)
 	TODO: check
 CVE-2025-46206 (An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b577bc219264f5ca6efe0deca4e45b47e0f69606

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b577bc219264f5ca6efe0deca4e45b47e0f69606
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250804/9cef65b6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list