[Git][security-tracker-team/security-tracker][master] older podofo issues fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Aug 31 14:38:28 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b8da3c77 by Moritz Muehlenhoff at 2025-08-31T15:37:46+02:00
older podofo issues fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -369519,21 +369519,19 @@ CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/132/
CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in Pd ...)
- - libpodofo <unfixed> (bug #986793)
- [trixie] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
- [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
+ - libpodofo 0.9.8+dfsg-1 (bug #986793)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/131/
+ NOTE: https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619
CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among ...)
- - libpodofo <unfixed> (bug #986792)
- [trixie] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
- [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
+ - libpodofo 0.9.8+dfsg-1 (bug #986792)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/130/
+ NOTE: https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619
CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecO ...)
- libpodofo <unfixed> (bug #986791)
[trixie] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
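Review bot: The `[trixie]` and `[bookworm]` `<postponed>` lines removed under CVE-2021-30471 and CVE-2021-30470 are only safe to drop if both releases already ship libpodofo 0.9.8+dfsg-1 or later, and nothing in the entries or in the commit message ("fixed in sid") confirms that. Please check the versions in trixie and bookworm; if either is older than 0.9.8+dfsg-1, keep its `<postponed>` line so the earlier triage decision stays recorded. The following entry, CVE-2021-30469, still carries `<unfixed>` with a trixie `<postponed>` line, so it is worth stating whether it was checked and deliberately left out of this change.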
@@ -428461,13 +428459,12 @@ CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in Po
NOTE: https://sourceforge.net/p/podofo/tickets/49/
NOTE: Negligible security impact
CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause ...)
- - libpodofo <unfixed> (bug #1014858)
- [trixie] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
- [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
+ - libpodofo 0.9.8+dfsg-1 (bug #1014858)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/48/
+ NOTE: https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619
CVE-2020-18970
RESERVED
CVE-2020-18969
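Review bot: The NOTE added for CVE-2020-18971 cites commit 14689c5b8a60d3450f154e66c92632947b73f619 without saying which upstream release contains it, so the fixed version 0.9.8+dfsg-1 cannot be cross-checked from the entry alone. The same commit is also cited for the recursion issues CVE-2021-30471 and CVE-2021-30470, while this entry is described as a stack-based buffer overflow in v0.9.6; a second NOTE naming the upstream release and stating in a few words why this one commit covers ticket 48 would make the entry verifiable.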
@@ -566327,9 +566324,7 @@ CVE-2018-8004 (There are multiple HTTP smuggling and cache poisoning issues when
CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory ...)
NOT-FOR-US: Apache Ambari
CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfPar ...)
- - libpodofo <unfixed> (low; bug #892557)
- [trixie] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
- [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
+ - libpodofo 0.9.8+dfsg-1 (bug #892557)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <no-dsa> (Minor issue)
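Review bot: The replacement line for CVE-2018-8002 drops the `low` urgency: `(low; bug #892557)` becomes `(bug #892557)`. The other entries in this commit had no urgency to begin with, so this looks like a side effect of using the same replacement text everywhere. If the severity assessment has not changed, keep it as `- libpodofo 0.9.8+dfsg-1 (low; bug #892557)`, matching the `low` still present on the CVE-2018-8001 entry below.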
@@ -566337,6 +566332,7 @@ CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in P
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548930
NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/15/
+ NOTE: https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619
CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerabil ...)
- libpodofo 0.9.6+dfsg-3 (low; bug #892556)
[stretch] - libpodofo <no-dsa> (Minor issue)
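Review bot: The added NOTE is a bare URL, while the two NOTE lines directly above it are labelled ("PoC", "Upstream bug:"). Prefixing it, for example `NOTE: Fixed by: https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619`, tells the reader that this is the fixing commit rather than the introducing commit or a related reference. The same applies to the NOTE lines added in the earlier hunks.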
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8da3c775bf63f3477ded513dc075ef14214fa57