Mattia Rizzolo pushed to branch master at Debian Security Tracker / security-tracker
Commits: 30dd29f4 by Mattia Rizzolo at 2018-10-02T15:03:20Z update libpodofo CVEs now that the fix migreted to unstable Signed-off-by: Mattia Rizzolo <[email protected]> - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -24882,8 +24882,7 @@ CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in . NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548930 NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/15/ CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based buffer over-read ...) - [experimental] - libpodofo 0.9.6~rc1+dfsg-1 - - libpodofo <unfixed> (low; bug #892556) + - libpodofo 0.9.6~rc1+dfsg-1 (low; bug #892556) [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) [wheezy] - libpodofo <no-dsa> (Minor issue) @@ -33482,8 +33481,7 @@ CVE-2018-5311 (The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS v CVE-2018-5310 (In the "Media from FTP" plugin before 9.85 for WordPress, Directory ...) NOT-FOR-US: "Media from FTP" plugin for WordPress CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer overflow in the ...) - [experimental] - libpodofo 0.9.6~rc1+dfsg-1 - - libpodofo <unfixed> (low) + - libpodofo 0.9.6~rc1+dfsg-1 (low) [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) [wheezy] - libpodofo <no-dsa> (Minor issue) @@ -33561,8 +33559,7 @@ CVE-2018-5298 (In the Procter & Gamble "Oral-B App" (aka com.pg.or CVE-2018-5297 RESERVED CVE-2018-5296 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the ...) - [experimental] - libpodofo 0.9.6+dfsg-1 - - libpodofo <unfixed> (low) + - libpodofo 0.9.6+dfsg-1 (low) [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) [wheezy] - libpodofo <no-dsa> (Minor issue) @@ -76007,8 +76004,7 @@ CVE-2017-8054 (The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cp NOTE: ... and re-fixed in: https://sourceforge.net/p/podofo/code/1882 NOTE: and https://sourceforge.net/p/podofo/code/1883 CVE-2017-8053 (PoDoFo 0.9.5 allows denial of service (infinite recursion and stack ...) - [experimental] - libpodofo 0.9.6+dfsg-1 - - libpodofo <unfixed> (bug #860994) + - libpodofo 0.9.6+dfsg-1 (bug #860994) [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) [wheezy] - libpodofo <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/30dd29f4977db3d3ddc7a21dd35d3e5a550d24c2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/30dd29f4977db3d3ddc7a21dd35d3e5a550d24c2 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
