[Git][security-tracker-team/security-tracker][master] CVE-2019-9903/poppler: drop jessie annotation
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Wed Jun 18 18:05:26 BST 2025
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
86fe5f97 by Sylvain Beucler at 2025-06-18T19:05:18+02:00
CVE-2019-9903/poppler: drop jessie annotation
The recursive code is present, and the cyclic checks introduced with
the fix for CVE-2017-7515 aren't.
The PoC doesn't work, but I believe a variant would.
This reverts 579869f33bf3331b77c7838c62607ca878f7e753
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -485632,9 +485632,9 @@ CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict
[experimental] - poppler 0.81.0-1
- poppler 0.85.0-2 (low; bug #925264)
[stretch] - poppler <ignored> (Minor issue)
- [jessie] - poppler <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/741
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/fada09a2ccc11a3a1d308e810f1336d8df6011fd
+ NOTE: Builds on fix for CVE-2017-7515
CVE-2019-9902
RESERVED
CVE-2019-9901 (Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote att ...)
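Review bot: The added line "NOTE: Builds on fix for CVE-2017-7515" does not say why jessie lost its <not-affected> entry, so that reasoning survives only in the commit message. With the [jessie] line removed and no replacement annotation, the entry no longer carries any jessie-specific status or rationale. Consider extending the NOTE to state that the recursive code is present in jessie and that the cyclic checks from the CVE-2017-7515 fix are absent there. It would also help to record that the published PoC does not trigger but a variant is expected to. Otherwise a later triager who only runs the PoC may restore "Vulnerable code not present".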
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86fe5f976ef19d7847a905a250b54bf848a903ad