Mattia Rizzolo pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3cd07432 by Mattia Rizzolo at 2018-06-15T10:23:12+02:00 CVE-2017-5854/libpodofo was not correctly fixed for stretch and wheezy Signed-off-by: Mattia Rizzolo <[email protected]> - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -19235,6 +19235,7 @@ CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the . NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532390 NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1870 NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1876 + NOTE: duplicate CVE: CVE-2017-5854 CVE-2018-5307 (Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2018-5306 (Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus ...) 
@@ -69239,12 +69240,15 @@ CVE-2017-5855 (The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.c NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1843 CVE-2017-5854 (base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to ...) - {DLA-929-1} - - libpodofo 0.9.4-5 (bug #854602) + - libpodofo 0.9.5-9 (bug #854602) + [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) + [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 - NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1836 + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1870 + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1876 + NOTE: duplicate CVE: CVE-2018-5308 CVE-2017-5853 (Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote ...) {DLA-929-1} - libpodofo 0.9.4-5 (bug #854601) ===================================== data/DLA/list ===================================== --- a/data/DLA/list +++ b/data/DLA/list 
@@ -1396,7 +1396,7 @@ {CVE-2017-7957} [wheezy] - libxstream-java 1.4.2-1+deb7u2 [29 Apr 2017] DLA-929-1 libpodofo - security update - {CVE-2015-8981 CVE-2017-5852 CVE-2017-5853 CVE-2017-5854 CVE-2017-5886 CVE-2017-6844 CVE-2017-7379} + {CVE-2015-8981 CVE-2017-5852 CVE-2017-5853 CVE-2017-5886 CVE-2017-6844 CVE-2017-7379} [wheezy] - libpodofo 0.9.0-1.1+deb7u1 [29 Apr 2017] DLA-928-1 libsndfile - security update {CVE-2014-9496 CVE-2014-9756 CVE-2015-7805 CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3cd074320b724844e268a5c02734c7cb9931eae0
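Review bot: in the first data/CVE/list hunk (CVE-2018-5308), the added "NOTE: duplicate CVE: CVE-2017-5854" marks the two entries as the same issue, but the context shown does not include the package status lines for CVE-2018-5308, so it cannot be checked here that they match what the second hunk now records for CVE-2017-5854 (fixed in 0.9.5-9, <no-dsa> for stretch, jessie and wheezy). Please confirm both entries carry the same fixed version and per-release status, otherwise the tracker will report different states for one bug depending on which identifier is queried.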
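Review bot: in the CVE-2017-5854 hunk of data/CVE/list, replacing "NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1836" and the "0.9.4-5" fixed version removes every trace that an earlier fix was recorded for this CVE. Someone comparing against an older tracker snapshot or a changelog that cites r1836 will not find an explanation in the entry itself. Consider keeping the r1836 reference as a NOTE that says it did not correctly fix the issue, next to the new r1870 and r1876 lines.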
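Review bot: in the data/DLA/list hunk, dropping CVE-2017-5854 from the DLA-929-1 set leaves "[wheezy] - libpodofo 0.9.0-1.1+deb7u1" as the recorded update while wheezy is now "<no-dsa> (Minor issue)" for this CVE, and nothing in the data files says that DLA-929-1 used to list it. Wheezy users who installed that update on the strength of the earlier listing have no way to learn from the tracker that the CVE is still open for them. Suggest adding a NOTE under CVE-2017-5854 stating that DLA-929-1 originally listed this CVE and that the fix there was not correct.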
