[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-20662,poppler: Remove no-dsa tag for Jessie.

[Markus Koschany]

Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
34860bd6 by Markus Koschany at 2019-03-08T17:52:40Z
CVE-2018-20662,poppler: Remove no-dsa tag for Jessie.

- - - - -
6d4954f0 by Markus Koschany at 2019-03-08T17:53:55Z
Reserve DLA-1706-1 for poppler

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -13860,7 +13860,6 @@ CVE-2018-20663 (The Reporting Addon (aka Reports Addon) 
through 2019-01-02 for C
 CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers 
to cause ...)
        - poppler <unfixed> (low; bug #918158)
        [stretch] - poppler <no-dsa> (Minor issue)
-       [jessie] - poppler <postponed> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9
 CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because 
Directory ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Mar 2019] DLA-1706-1 poppler - security update
+       {CVE-2018-19058 CVE-2018-20481 CVE-2018-20662 CVE-2019-7310 
CVE-2019-9200}
+       [jessie] - poppler 0.26.5-2+deb8u8
 [05 Mar 2019] DLA-1705-1 sox - security update
        {CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15371}
        [jessie] - sox 14.4.1-5+deb8u3


=====================================
data/dla-needed.txt
=====================================
@@ -77,8 +77,6 @@ php5 (Thorsten Alteholz)
 polarssl
   NOTE: 20121207: Not 100% sure if vulnerable. Upstream would prefer us to 
move to latest version, etc. (!). (lamby)
 --
-poppler (Markus Koschany)
---
 qemu
   NOTE: CVE-2018-19665: wait for final patch
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d8e26a879e728f668a2a02a68622fc34f36207b7...6d4954f0145de1c0322ef791acbe74024221e862

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d8e26a879e728f668a2a02a68622fc34f36207b7...6d4954f0145de1c0322ef791acbe74024221e862
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits