Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
358ec8e9 by Moritz Muehlenhoff at 2019-05-23T20:55:13Z
poppler fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3519,7 +3519,7 @@ CVE-2019-10875 (A URL spoofing vulnerability was found in 
all international vers
 CVE-2019-10874 (Cross Site Request Forgery (CSRF) in the bolt/upload File 
Upload featu ...)
        NOT-FOR-US: Bolt CMS
 CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL 
pointer der ...)
-       - poppler <unfixed> (low; bug #926532)
+       - poppler 0.71.0-4 (low; bug #926532)
        [stretch] - poppler <ignored> (Minor issue)
        [jessie] - poppler <not-affected> (vulnerable code is not present)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/748
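Review bot: on the CVE-2019-10873 line the new fixed version, 0.71.0-4, is lower than the upstream release named in the description (Poppler 0.74.0), so the fix is presumably a patch backported into the Debian revision, yet the entry's only NOTE is the upstream issue (issues/748). Please add a NOTE with the upstream fix commit, as the CVE-2019-9631 and CVE-2019-9200 entries have, so the backport in 0.71.0-4 can be checked against it.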
@@ -7373,7 +7373,7 @@ CVE-2019-9632 (ESAFENET CDG V3 and V5 has an arbitrary 
file download vulnerabili
        NOT-FOR-US: ESAFENET CDG
 CVE-2019-9631 (Poppler 0.74.0 has a heap-based buffer over-read in the 
CairoRescaleBo ...)
        {DLA-1752-1}
-       - poppler <unfixed> (bug #926673)
+       - poppler 0.71.0-4 (bug #926673)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/736
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/8122f6d6d409b53151a20c5578fc525ee97315e8
 CVE-2019-9630
@@ -8384,7 +8384,7 @@ CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 
ETH/XC, ILC 151 ETH, ILC 151
        NOT-FOR-US: Phoenix Contact ILC
 CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() 
locate ...)
        {DLA-1706-1}
-       - poppler <unfixed> (bug #923414)
+       - poppler 0.71.0-4 (bug #923414)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/728
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/f4136a6353162db249f63ddb0f20611622ab61b4
 CVE-2019-9199 (PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp 
in PoD ...)
@@ -13169,7 +13169,7 @@ CVE-2019-7311
        RESERVED
 CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an 
integer si ...)
        {DLA-1706-1}
-       - poppler <unfixed> (bug #921215)
+       - poppler 0.71.0-4 (bug #921215)
        [stretch] - poppler <ignored> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/717
@@ -21877,7 +21877,7 @@ CVE-2018-20663 (The Reporting Addon (aka Reports Addon) 
through 2019-01-02 for C
        NOT-FOR-US: Reporting Addon for CUBA Platform
 CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers 
to caus ...)
        {DLA-1706-1}
-       - poppler <unfixed> (low; bug #918158)
+       - poppler 0.71.0-4 (low; bug #918158)
        [stretch] - poppler <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9
@@ -22102,8 +22102,8 @@ CVE-2018-20651 (A NULL pointer dereference was 
discovered in elf_link_add_object
        NOTE: binutils not covered by security support
 CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 
allows atta ...)
        - poppler <unfixed> (low; bug #917974)
-       [buster] - poppler <no-dsa> (Minor issue)
-       [stretch] - poppler <no-dsa> (Minor issue)
+       [buster] - poppler <ignored> (Minor issue)
+       [stretch] - poppler <ignored> (Minor issue)
        [jessie] - poppler <postponed> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/704
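Review bot: the two changed lines for CVE-2018-20650 move [buster] and [stretch] from <no-dsa> to <ignored>, which is a triage decision rather than a fix, and the commit message "poppler fixed" does not cover it; the unstable line of the same entry still reads "- poppler <unfixed> (low; bug #917974)". The parenthesised reason "Minor issue" is unchanged from the <no-dsa> state, so it does not explain the stronger status. Suggest either giving the reason for ignoring the issue in both releases in that field, or splitting this change into its own commit with a message that describes it.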
@@ -22547,7 +22547,7 @@ CVE-2018-1000892
 CVE-2018-1000891
        RESERVED
 CVE-2018-20551 (A reachable Object::getString assertion in Poppler 0.72.0 
allows attac ...)
-       - poppler <unfixed> (low; bug #917525)
+       - poppler 0.71.0-4 (low; bug #917525)
        [stretch] - poppler <ignored> (Minor issue)
        [jessie] - poppler <not-affected> (vulnerable code is not present)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/703
@@ -22831,7 +22831,7 @@ CVE-2018-20482 (GNU Tar through 1.30, when --sparse is 
used, mishandles file shr
        NOTE: Fixed by 
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42c
 CVE-2018-20481 (XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles 
unallocated XRe ...)
        {DLA-1706-1}
-       - poppler <unfixed> (low; bug #917325)
+       - poppler 0.71.0-4 (low; bug #917325)
        [stretch] - poppler <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/692
        NOTE: Proposed fix: 
https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143
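Review bot: with CVE-2018-20481 now marked fixed in 0.71.0-4, the last NOTE of the entry still reads "Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143". If that merge request is what went into 0.71.0-4, reword the NOTE to say so or point it at the merged commit, so the entry does not describe a fixed issue as having only a proposed fix.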
@@ -40209,7 +40209,7 @@ CVE-2018-16647 (In Artifex MuPDF 1.13.0, the 
pdf_get_xref_entry function in pdf/
        NOTE: 
http://www.ghostscript.com/cgi-bin/findgit.cgi?351c99d8ce23bbf7099dbd52771a095f67e45a2c
 CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc 
may caus ...)
        {DLA-1562-3 DLA-1562-2 DLA-1562-1}
-       - poppler <unfixed> (low; bug #909802)
+       - poppler 0.71.0-4 (low; bug #909802)
        [stretch] - poppler <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/91



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/358ec8e959e35ffef13441bc1989269f97b0dedb


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
