Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ad72a39 by Salvatore Bonaccorso at 2022-05-04T21:49:37+02:00
Track fixes for three CVEs for libpodofo via experimental

- - - - -
4c7da628 by Salvatore Bonaccorso at 2022-05-04T21:50:30+02:00
Reference upstream commit for CVE-2019-10723

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -167039,6 +167039,7 @@ CVE-2019-20094 (An issue was discovered in libsixel 
1.8.4. There is a heap-based
        NOTE: https://github.com/saitoha/libsixel/issues/125
        NOTE: 
https://github.com/saitoha/libsixel/commit/a18b3789cfd147028403c17fe79a43b169d8f034
 CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h 
in PoDoFo ...)
+       [experimental] - libpodofo 0.9.8+dfsg-1
        - libpodofo <unfixed> (bug #977302)
        [bullseye] - libpodofo <ignored> (Minor issue)
        [buster] - libpodofo <ignored> (Minor issue)
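Review bot: the added `[experimental] - libpodofo 0.9.8+dfsg-1` line under CVE-2019-20093 has no upstream reference in the lines shown to back the claim that 0.9.8 contains the fix; the follow-up commit adds one only for CVE-2019-10723. If the entry does not already carry one below the shown context, add a NOTE with the upstream ticket or revision so the fixed version can be verified when the `<unfixed>` line for unstable (bug #977302) is later updated.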
@@ -203976,12 +203977,14 @@ CVE-2019-10725
 CVE-2019-10724 (There is a vulnerability with the Dolby DAX2 API system 
services in wh ...)
        NOT-FOR-US: Dolby
 CVE-2019-10723 (An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache 
class i ...)
+       [experimental] - libpodofo 0.9.8+dfsg-1
        - libpodofo <unfixed> (low; bug #926667)
        [bullseye] - libpodofo <ignored> (Minor issue)
        [buster] - libpodofo <ignored> (Minor issue)
        [stretch] - libpodofo <no-dsa> (Minor issue)
        [jessie] - libpodofo <postponed> (clean exception quit/DoS, low popcon)
        NOTE: https://sourceforge.net/p/podofo/tickets/46/
+       NOTE: https://sourceforge.net/p/podofo/code/2038/
 CVE-2019-1003099 (A missing permission check in Jenkins openid Plugin in the 
OpenIdSsoSe ...)
        NOT-FOR-US: Jenkins openid Plugin
 CVE-2019-1003098 (A cross-site request forgery vulnerability in Jenkins openid 
Plugin in ...)
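Review bot: the new `NOTE: https://sourceforge.net/p/podofo/code/2038/` at the end of the CVE-2019-10723 entry is a bare URL in the same form as the ticket link above it, so a reader cannot tell the report from the fix. Label it, for example `NOTE: Fixed by: https://sourceforge.net/p/podofo/code/2038/`, which also ties it to the `[experimental]` line added at the top of the entry.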
@@ -251589,6 +251592,7 @@ CVE-2018-12985
 CVE-2018-12984 (Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" 
credential ...)
        NOT-FOR-US: Hycus CMS
 CVE-2018-12983 (A stack-based buffer over-read in the 
PdfEncryptMD5Base::ComputeEncryp ...)
+       [experimental] - libpodofo 0.9.8+dfsg-1
        - libpodofo <unfixed> (low; bug #916580)
        [bullseye] - libpodofo <no-dsa> (Minor issue)
        [buster] - libpodofo <no-dsa> (Minor issue)
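Review bot: under CVE-2018-12983 the bullseye and buster lines read `<no-dsa> (Minor issue)`, while the two other libpodofo entries touched by this patch mark the same releases `<ignored> (Minor issue)`. Now that a fixed version is recorded in `[experimental]`, confirm the difference is intended, or align the states in a follow-up.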



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f52e20d45094febb047c02d4cf6c81b435c2e471...4c7da628c35da17b106bfe821a4f627fd3d6419e
