Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a67297ba by Salvatore Bonaccorso at 2019-07-30T18:59:59Z
Mark CVE-2019-14267/pdfresurrect
TTBOMK, pdfresurrect is used basically as CLI only. The build is done
with hardening flags enabled leading to a CLI crash only and thus with
negligible security impact. Borderline to no-dsa tagged entries, as
there might be some cases where pdfresurrect is used within a service with
untrusted input.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -465,8 +465,9 @@ CVE-2019-14269
CVE-2019-14268 (In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web
request prox ...)
NOT-FOR-US: Octopus Deploy
CVE-2019-14267 (PDFResurrect 0.15 has a buffer overflow via a crafted PDF file
because ...)
- - pdfresurrect 0.16-1
+ - pdfresurrect 0.16-1 (unimportant)
NOTE:
https://github.com/enferex/pdfresurrect/commit/4ea7a6f4f51d0440da651d099247e2273f811dbc
+ NOTE: Crash in CLI tool, negligible security impact, hardening build
CVE-2019-14266 (OpenSNS v6.1.0 allows SQL Injection via the
index.php?s=/ucenter/Confi ...)
NOT-FOR-US: OpenSNS
CVE-2019-14265
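Review bot: The added NOTE on the CVE-2019-14267 entry records only "Crash in CLI tool, negligible security impact, hardening build", so the caveat from the commit message (that this is borderline to no-dsa because pdfresurrect might be used within a service with untrusted input) never reaches data/CVE/list. Consider extending the NOTE to state the assumptions the (unimportant) tag rests on, namely CLI-only use and the hardening flags reducing the overflow to a crash, so that someone reading the tracker entry without the commit log can re-evaluate the rating if either assumption stops holding.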
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a67297ba9b26c370ed4f6716beac0eed72dfbdac