Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
86fe5f97 by Sylvain Beucler at 2025-06-18T19:05:18+02:00
CVE-2019-9903/poppler: drop jessie annotation
The recursive code is present, and the cyclic checks introduced with
the fix for CVE-2017-7515 aren't.
The PoC doesn't work, but I believe a variant would.
This reverts 579869f33bf3331b77c7838c62607ca878f7e753
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -485632,9 +485632,9 @@ CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in
Poppler 0.74.0 mishandles dict
[experimental] - poppler 0.81.0-1
- poppler 0.85.0-2 (low; bug #925264)
[stretch] - poppler <ignored> (Minor issue)
- [jessie] - poppler <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/741
NOTE:
https://gitlab.freedesktop.org/poppler/poppler/commit/fada09a2ccc11a3a1d308e810f1336d8df6011fd
+ NOTE: Builds on fix for CVE-2017-7515
CVE-2019-9902
RESERVED
CVE-2019-9901 (Envoy 1.9.0 and before does not normalize HTTP URL paths. A
remote att ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86fe5f976ef19d7847a905a250b54bf848a903ad
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86fe5f976ef19d7847a905a250b54bf848a903ad
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
