Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6e9c422 by Emilio Pozuelo Monfort at 2020-07-23T11:52:13+02:00
Drop no-dsa tags for poppler issues to be fixed in stretch

- - - - -
14ec1a28 by Emilio Pozuelo Monfort at 2020-07-23T12:12:08+02:00
Reserve DLA-2287-1 for poppler

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -67274,7 +67274,6 @@ CVE-2019-10873 (An issue was discovered in Poppler 
0.74.0. There is a NULL point
 CVE-2019-10872 (An issue was discovered in Poppler 0.74.0. There is a 
heap-based buffe ...)
        {DLA-1815-1}
        - poppler 0.71.0-5 (low; bug #926530)
-       [stretch] - poppler <postponed> (Revisit when fixed upstream)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/750
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/6a1580e84f492b5671d23be98192267bb73de250
 CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a 
heap-based buffe ...)
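Review bot: The line removed under CVE-2019-10872 is a `<postponed>` tag ("Revisit when fixed upstream"), not a `<no-dsa>` tag, so the commit subject "Drop no-dsa tags for poppler issues to be fixed in stretch" does not describe this hunk. Suggest wording the subject to cover both tag types (for example "Drop no-dsa/postponed tags ..."), so that a later search of the history for postponed entries finds this change. The upstream commit already listed in the NOTE lines supports removing the tag itself.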
@@ -87953,7 +87952,6 @@ CVE-2018-20482 (GNU Tar through 1.30, when --sparse is 
used, mishandles file shr
 CVE-2018-20481 (XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles 
unallocated XRe ...)
        {DLA-1706-1}
        - poppler 0.71.0-4 (low; bug #917325)
-       [stretch] - poppler <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/692
        NOTE: Proposed fix: 
https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/39a251b1b3a3343400a08e2f03c5518a26624626
@@ -105764,7 +105762,6 @@ CVE-2018-16647 (In Artifex MuPDF 1.13.0, the 
pdf_get_xref_entry function in pdf/
 CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc 
may caus ...)
        {DLA-1562-3 DLA-1562-2 DLA-1562-1}
        - poppler 0.71.0-4 (low; bug #909802)
-       [stretch] - poppler <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/91
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/3d35d209c19c1d3b09b794a0c863ba5de44a9c0a
@@ -120960,7 +120957,6 @@ CVE-2017-18267 (The FoFiType1C::cvtGlyph function in 
fofi/FoFiType1C.cc in Poppl
        {DLA-1562-1}
        [experimental] - poppler 0.65.0-1
        - poppler 0.69.0-2 (bug #898357)
-       [stretch] - poppler <no-dsa> (Minor issue)
        [wheezy] - poppler <ignored> (Minor issue)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=104942
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103238


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[23 Jul 2020] DLA-2287-1 poppler - security update
+       {CVE-2017-18267 CVE-2018-16646 CVE-2018-20481 CVE-2018-21009 
CVE-2019-9200 CVE-2019-9631 CVE-2019-10872 CVE-2019-12293}
+       [stretch] - poppler 0.48.0-2+deb9u3
 [22 Jul 2020] DLA-2286-1 tomcat8 - security update
        {CVE-2020-13934 CVE-2020-13935}
        [stretch] - tomcat8 8.5.54-0+deb9u3
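Review bot: The new DLA-2287-1 entry lists eight CVEs, but the data/CVE/list hunks in this push drop a stretch tag for only four of them (CVE-2017-18267, CVE-2018-16646, CVE-2018-20481, CVE-2019-10872). Please confirm that CVE-2018-21009, CVE-2019-9200, CVE-2019-9631 and CVE-2019-12293 carry no remaining `[stretch] - poppler <no-dsa>` or `<postponed>` line in data/CVE/list, since nothing in this diff shows their state and a leftover tag would contradict the fixed version 0.48.0-2+deb9u3 recorded here.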


=====================================
data/dla-needed.txt
=====================================
@@ -116,9 +116,6 @@ opendmarc
 pillow
   NOTE: 20200711: Appears vulnerable to at least CVE-2020-10177, but not 
CVE-2020-10378. (lamby)
 --
-poppler (Emilio)
-  NOTE: 20200720: wip (Emilio)
---
 puma
   NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2c8a2248de68743aa9dd09c99f7726f26174bf58...14ec1a28f3f1fdc8011b935f4b55ae4b6181da57
