[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-10871/poppler: reference upstream fix, unset jessie postposned

Sat, 05 Oct 2019 05:29:02 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c1c6bd84 by Sylvain Beucler at 2019-10-05T12:27:30Z
CVE-2019-10871/poppler: reference upstream fix, unset jessie postposned

- - - - -
26a2d714 by Sylvain Beucler at 2019-10-05T12:27:30Z
dla: add poppler

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18819,8 +18819,9 @@ CVE-2019-10871 (An issue was discovered in Poppler 
0.74.0. There is a heap-based
        - poppler <unfixed> (low; bug #926529)
        [buster] - poppler <postponed> (Revisit when fixed upstream)
        [stretch] - poppler <postponed> (Revisit when fixed upstream)
-       [jessie] - poppler <postponed> (Revisit when fixed upstream)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/751
+       NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/266 
(rejected in favor of always enabling SPLASH_CMYK)
+       NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/341 
(always enable SPLASH_CMYK)
 CVE-2019-10870
        RESERVED
 CVE-2019-10869 (Path Traversal and Unrestricted File Upload exists in the 
Ninja Forms  ...)


=====================================
data/dla-needed.txt
=====================================
@@ -120,6 +120,8 @@ pam-python
 --
 polarssl
 --
+poppler
+--
 radare2
   NOTE: 20190816: Affected by CVE-2019-14745. Vulnerable code is in
   NOTE: libr/core/bin.c. Many no-dsa issues in Jessie and Stretch.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/c7a4e4c8882be87d900acc34da75b255094c0898...26a2d71408f228d63d04446d4c60ae6fb889957d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/c7a4e4c8882be87d900acc34da75b255094c0898...26a2d71408f228d63d04446d4c60ae6fb889957d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to