Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ffdf337 by Thorsten Alteholz at 2023-08-29T23:00:36+02:00
Reserve DLA-3548-1 for qpdf

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -151410,7 +151410,6 @@ CVE-2021-36979 (Unicorn Engine 1.0.2 has an 
out-of-bounds write in tb_flush_arme
        NOT-FOR-US: Unicorn Engine
 CVE-2021-36978 (QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a 
heap-based buffer ...)
        - qpdf 10.1.0-1
-       [buster] - qpdf <no-dsa> (Minor issue)
        [stretch] - qpdf <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262
        NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml
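Review bot: with "[buster] - qpdf <no-dsa> (Minor issue)" dropped from CVE-2021-36978, the visible entry carries no buster line, so the buster status is recorded only through the DLA-3548-1 entry in data/DLA/list. The unstable fix is 10.1.0-1 while the DLA ships 8.4.0-2+deb10u1, so the buster fix is a backport; if the entry has no NOTE naming the upstream fix commit, adding one would let others check the backported patch against it.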
@@ -338377,7 +338376,6 @@ CVE-2012-6710 (ext_find_user in eXtplorer through 
2.1.2 allows remote attackers
        - extplorer <removed>
 CVE-2018-18020 (In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, 
QPDFWriter::unparseObject and ...)
        - qpdf 9.0.0-1
-       [buster] - qpdf <no-dsa> (Minor issue)
        [stretch] - qpdf <no-dsa> (Minor issue)
        [jessie] - qpdf <no-dsa> (Minor issue)
        NOTE: https://github.com/qpdf/qpdf/issues/243


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Aug 2023] DLA-3548-1 qpdf - security update
+       {CVE-2018-18020 CVE-2021-25786 CVE-2021-36978}
+       [buster] - qpdf 8.4.0-2+deb10u1
 [29 Aug 2023] DLA-3547-1 tryton-server - security update
        [buster] - tryton-server 5.0.4-2+deb10u2
 [28 Aug 2023] DLA-3546-1 opendmarc - security update
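Review bot: the CVE set on the new DLA-3548-1 entry names CVE-2021-25786, but the data/CVE/list hunks in this commit only touch CVE-2018-18020 and CVE-2021-36978. Please confirm that the CVE-2021-25786 entry has no remaining "[buster] - qpdf <no-dsa>" or similar annotation that would contradict the fix in 8.4.0-2+deb10u1, and drop it in the same commit if it does.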


=====================================
data/dla-needed.txt
=====================================
@@ -160,9 +160,6 @@ python2.7
   NOTE: 20230826: and wasn't fixed in Debian, but the extra patch is now 
available and can be fixed now. (utkarsh)
   NOTE: 20230826: contact Utkarsh in case you're unable to find the 
supplementary patch. (utkarsh)
 --
-qpdf (Thorsten Alteholz)
-  NOTE: 20230820: Added by Front-Desk (ta)
---
 qt4-x11
   NOTE: 20230822: Re-added for one remaining open CVE (roberto)
   NOTE: 20230822: CVE-2021-28025 maybe a dup of CVE-2021-3481; once resolved, 
fix or remove entry from this file (roberto)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ffdf33738fbbee2ad47c0774e58cc1609cdc4ba

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
