[Secure-testing-commits] r48709 - data/CVE

[Mattia Rizzolo]

Author: mattia
Date: 2017-02-04 14:01:33 +0000 (Sat, 04 Feb 2017)
New Revision: 48709

Modified:
   data/CVE/list
Log:
update libpodofo info

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-04 13:10:23 UTC (rev 48708)
+++ data/CVE/list       2017-02-04 14:01:33 UTC (rev 48709)
@@ -1,6 +1,7 @@
 CVE-2017-XXXX [podofo: heap-based buffer overflow in 
PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp)]
        - libpodofo <unfixed>
        NOTE: 
https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp
+       NOTE: 
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469
 CVE-2017-5877
        RESERVED
 CVE-2017-5876
@@ -524,14 +525,17 @@
        RESERVED
        - libpodofo <unfixed> (bug #854118)
        NOTE: 
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp
+       NOTE: 
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469
 CVE-2017-5853 [Signed integer overflow in PdfParser.cpp]
        RESERVED
        - libpodofo <unfixed> (bug #854118)
        NOTE: 
https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp
+       NOTE: 
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469
 CVE-2017-5852 [Infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject]
        RESERVED
        - libpodofo <unfixed> (bug #854118)
        NOTE: 
https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp
+       NOTE: 
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469
 CVE-2017-5849 [Out-of-Bound read and write issues in put1bitbwtile() and 
putgreytile()]
        RESERVED
        - netpbm-free <not-affected> (vulnerable code not present)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits