Author: mattia
Date: 2017-05-03 10:15:32 +0000 (Wed, 03 May 2017)
New Revision: 51305
Modified: data/CVE/list Log: update libpodofo bugs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-03 09:12:17 UTC (rev 51304) +++ data/CVE/list 2017-05-03 10:15:32 UTC (rev 51305) 
@@ -5687,45 +5687,45 @@ CVE-2017-6427 (A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A ...) NOT-FOR-US: EvoStream Media Server CVE-2017-6849 (The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in ...) - - libpodofo <unfixed> (bug #856592) + - libpodofo <unfixed> (bug #861566) NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/10 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp CVE-2017-6848 (The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in ...) - - libpodofo <unfixed> (bug #856592) + - libpodofo <unfixed> (bug #861565) NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/9 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...) - - libpodofo <unfixed> (bug #856592) + - libpodofo <unfixed> (bug #861564) NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/8 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace ...) - - libpodofo <unfixed> (bug #856592) + - libpodofo <unfixed> (bug #861563) NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/7 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h/ CVE-2017-6845 (The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo ...) 
- - libpodofo <unfixed> (bug #856592) + - libpodofo <unfixed> (bug #861562) NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/6 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp CVE-2017-6844 (Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function ...) {DLA-929-1} - - libpodofo <unfixed> (bug #856592) + - libpodofo <unfixed> (bug #861561) NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/5 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/ CVE-2017-6843 (Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad ...) - - libpodofo <unfixed> (bug #856592) + - libpodofo <unfixed> (bug #861560) NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/4 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h CVE-2017-6842 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in ...) - - libpodofo <unfixed> (bug #856592) + - libpodofo <unfixed> (bug #861559) NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/3 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-colorchangergetcolorfromstack-colorchanger-cpp CVE-2017-6841 (The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement ...) - - libpodofo <unfixed> (bug #856592) + - libpodofo <unfixed> (bug #861558) NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/2 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h CVE-2017-6840 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in ...) 
- - libpodofo <unfixed> (bug #856592) + - libpodofo <unfixed> (bug #861557) NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/1 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-invalid-memory-read-in-colorchangergetcolorfromstack-colorchanger-cpp CVE-2017-6426
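Review bot: The log message "update libpodofo bugs" does not say that the shared reference (bug #856592) on the ten libpodofo entries, CVE-2017-6840 through CVE-2017-6849, is being replaced by per-CVE bugs #861557 through #861566, so after this revision neither the list nor the log ties the new bugs back to the original report; consider naming #856592 in the log. The new numbers run one-to-one and in order (CVE-2017-6840 to #861557, up to CVE-2017-6849 to #861566), and it is worth checking each against its bug title, since one swapped digit would attach a fix to the wrong CVE. In the CVE-2017-6844 entry the status stays `<unfixed>` although the entry already carries {DLA-929-1} and an upstream commit NOTE; if that is because unstable has not yet picked up the commit, it is fine as is.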