Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4cd3254b by Salvatore Bonaccorso at 2019-06-06T08:40:05Z
Update information for CVE-2019-12360

Newer versions of xpdf do not include the file anymore and xpdf in
Debian uses poppler anyway. Poppler fixed the issue apparently silently
in the 0.32.0 release.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -850,9 +850,13 @@ CVE-2019-12362 (EmpireCMS 7.5.0 has XSS via the HTTP 
Referer header to e/member/
 CVE-2019-12361 (EmpireCMS 7.5.0 has XSS via the from parameter to 
e/member/doaction.ph ...)
        NOT-FOR-US: EmpireCMS
 CVE-2019-12360 (A stack-based buffer over-read exists in 
FoFiTrueType::dumpString in f ...)
-       - xpdf <unfixed>
+       - xpdf <not-affected> (xpdf in Debian uses poppler, which is not 
affected or fixed)
+       - poppler 0.38.0-2
        NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801
-       TODO: check
+       NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/cdb7ad95f7c8fbf63ade040d8a07ec96467042fc
 (poppler-0.32.0)
+       NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/bf4aae25a244b1033a2479b9a8f633224f7d5de5
 (poppler-0.32.0)
+       NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=85243
+       NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1136620
 CVE-2019-12359
        RESERVED
 CVE-2019-12358
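Review bot: The fixed version on the added `- poppler 0.38.0-2` line does not match the `(poppler-0.32.0)` tag on the two upstream commit NOTEs or the 0.32.0 release named in the commit message, and nothing in the entry explains the gap. If 0.38.0-2 is the earliest version in the archive known to contain both commits, a short NOTE saying so would save the next reader from re-checking; otherwise the version should be revisited. Separately, the parenthetical on the xpdf line, "which is not affected or fixed", can be read as "neither unaffected nor fixed"; wording that points to the poppler entry for the fix status would be unambiguous.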



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4cd3254b8e6b8d4f710a8a9912b80bcf4fd86739
