Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8a29609c by Salvatore Bonaccorso at 2019-10-05T09:14:48Z
Add CVE-2019-9959/poppler
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21233,7 +21233,10 @@ CVE-2019-9961 (A cross-site scripting (XSS)
vulnerability in ressource view in c
CVE-2019-9960 (The downloadZip function in
application/controllers/admin/export.php i ...)
- limesurvey <itp> (bug #472802)
CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier
doesn't che ...)
- TODO: check
+ - poppler <unfixed>
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/805
+ NOTE: Patch:
https://gitlab.freedesktop.org/poppler/poppler/commit/68ef84e5968a4249c2162b839ca6d7975048a557
(poppler-0.79.0)
+ NOTE: Reproducer:
https://gitlab.freedesktop.org/poppler/poppler/uploads/3f22837ebd503f87e730b51221b89742/raiter_issue5465.pdf
CVE-2019-9958 (CSRF within the admin panel in Quadbase EspressReport ES (ERES)
v7.0 u ...)
NOT-FOR-US: Quadbase EspressReport ES (ERES)
CVE-2019-9957 (Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update
7 allow ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a29609c73e0cb880a25319320e7525b54f78552
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a29609c73e0cb880a25319320e7525b54f78552
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
