Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8fce1e5 by Adrian Bunk at 2023-10-16T14:33:29+03:00
Reserve DLA-3620-1 for poppler

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -84991,13 +84991,11 @@ CVE-2022-37052 (A reachable Object::getString 
assertion in Poppler 22.07.0 allow
 CVE-2022-37051 (An issue was discovered in Poppler 22.07.0. There is a 
reachable abort ...)
        - poppler 22.08.0-2
        [bullseye] - poppler <no-dsa> (Minor issue)
-       [buster] - poppler <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b
 (poppler-22.08.0)
 CVE-2022-37050 (In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows 
attackers t ...)
        - poppler 22.08.0-2
        [bullseye] - poppler <no-dsa> (Minor issue)
-       [buster] - poppler <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990
 (poppler-22.08.0)
 CVE-2022-37049 (The component tcpprep in Tcpreplay v4.4.1 was discovered to 
contain a  ...)
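
Review bot: With the two `[buster] - poppler <no-dsa> (Minor issue)` lines dropped under CVE-2022-37051 and CVE-2022-37050, the remaining `[bullseye] - poppler <no-dsa> (Minor issue)` lines leave the newer release unfixed while the older one gets the fix through DLA-3620-1, so a buster to bullseye upgrade would bring both issues back. Consider a follow-up for bullseye (for example through a point release), or a NOTE on these two entries recording why bullseye stays no-dsa.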


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Oct 2023] DLA-3620-1 poppler - security update
+       {CVE-2020-23804 CVE-2022-37050 CVE-2022-37051}
+       [buster] - poppler 0.71.0-5+deb10u3
 [14 Oct 2023] DLA-3619-1 batik - security update
        {CVE-2020-11987 CVE-2022-38398 CVE-2022-38648 CVE-2022-40146 
CVE-2022-44729 CVE-2022-44730}
        [buster] - batik 1.10-2+deb10u3
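
Review bot: CVE-2020-23804 in the CVE set of the new DLA-3620-1 entry has no matching hunk in data/CVE/list in this commit, while CVE-2022-37050 and CVE-2022-37051 each lose their `[buster]` line there. It is worth confirming that the CVE-2020-23804 entry carries no `[buster]` annotation that would now contradict the `[buster] - poppler 0.71.0-5+deb10u3` line added here.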


=====================================
data/dla-needed.txt
=====================================
@@ -173,12 +173,6 @@ osslsigncode
 phppgadmin (Abhijith PA)
   NOTE: 20230925: Added by Front-Desk (apo)
 --
-poppler (Adrian Bunk)
-  NOTE: 20230908: Added by Front-Desk (lamby)
-  NOTE: 20230908: Added due to CVE-2020-23804. However, please check 
CVE-2020-18839
-  NOTE: 20230908: as I suspect this is a duplicate of CVE-2020-27778 (which 
has already
-  NOTE: 20230908: been fixed). (lamby)
---
 python-django
   NOTE: 20231006: Added by Front-Desk (Beuc)
   NOTE: 20231006: Fix the 4 no-dsa issues that are fixed in all other dists 
(Beuc/front-desk)
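
Review bot: Removing the poppler block also removes the open question in its NOTE lines, whether CVE-2020-18839 is a duplicate of CVE-2020-27778; CVE-2020-18839 is not in the DLA-3620-1 CVE set and nothing in this commit records how that check ended. Suggest recording the outcome as a NOTE on the CVE-2020-18839 entry in data/CVE/list so the finding survives the removal from dla-needed.txt.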



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8fce1e5936c629855121cde23744893645f5a9d
