[Git][security-tracker-team/security-tracker][master] Add upstream tag references for podofo upstream commits
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Aug 31 16:01:48 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f832485c by Salvatore Bonaccorso at 2025-08-31T17:01:09+02:00
Add upstream tag references for podofo upstream commits
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -369524,14 +369524,14 @@ CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/131/
- NOTE: https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619
+ NOTE: https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619 (0.9.8)
CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among ...)
- libpodofo 0.9.8+dfsg-1 (bug #986792)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/130/
- NOTE: https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619
+ NOTE: https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619 (0.9.8)
CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecO ...)
- libpodofo <unfixed> (bug #986791)
[trixie] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
@@ -428464,7 +428464,7 @@ CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/48/
- NOTE: https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619
+ NOTE: https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619 (0.9.8)
CVE-2020-18970
RESERVED
CVE-2020-18969
@@ -566332,7 +566332,7 @@ CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in P
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548930
NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/15/
- NOTE: https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619
+ NOTE: https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619 (0.9.8)
CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerabil ...)
- libpodofo 0.9.6+dfsg-3 (low; bug #892556)
[stretch] - libpodofo <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f832485cd7a0e049c5f4a0d8fca947b781d33287
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f832485cd7a0e049c5f4a0d8fca947b781d33287
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250831/40a564d7/attachment.htm>
More information about the debian-security-tracker-commits
mailing list