Author: mattia
Date: 2017-05-16 13:52:56 +0000 (Tue, 16 May 2017)
New Revision: 51681
Modified: data/CVE/list Log: link upstream fixes for podofo issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-16 13:04:18 UTC (rev 51680) +++ data/CVE/list 2017-05-16 13:52:56 UTC (rev 51681) @@ -2497,6 +2497,7 @@ [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: https://github.com/icepng/PoC/tree/master/PoC1 NOTE: https://icepng.github.io/2017/04/21/PoDoFo-1/ + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1849 CVE-2017-7993 RESERVED CVE-2017-7992 (Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php ...) @@ -4361,6 +4362,7 @@ NOTE: and the worst case is a DoS. NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3 NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4 + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848 CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote ...) - libpodofo <unfixed> (bug #859329) [wheezy] - libpodofo <no-dsa> (Minor issue) @@ -4369,6 +4371,7 @@ NOTE: and the worst case is a DoS. NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3 NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3 + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848 CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers ...) - libpodofo <unfixed> (bug #859329) [wheezy] - libpodofo <no-dsa> (Minor issue) @@ -4377,6 +4380,7 @@ NOTE: and the worst case is a DoS. NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3 NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2 + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848 CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers ...) - libpodofo <unfixed> (bug #859329) [wheezy] - libpodofo <no-dsa> (Minor issue) 
@@ -4385,6 +4389,7 @@ NOTE: and the worst case is a DoS. NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3 NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1 + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848 CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in ...) {DLA-929-1} - libpodofo 0.9.4-5 (bug #859331) @@ -4397,6 +4402,7 @@ NOTE: services that use this library (apart from desktop applications) NOTE: and the worst case is a DoS. NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/1 + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1847 CVE-2017-7377 (The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in ...) - qemu 1:2.8+dfsg-4 (bug #859854) [jessie] - qemu <no-dsa> (Minor issue) @@ -7102,6 +7108,7 @@ NOTE: and the worst case is a DoS. NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/9 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846 CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...) - libpodofo <unfixed> (bug #861564) [wheezy] - libpodofo <no-dsa> (Minor issue) @@ -7110,6 +7117,7 @@ NOTE: and the worst case is a DoS. NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/8 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846 CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace ...) - libpodofo <unfixed> (bug #861563) [wheezy] - libpodofo <no-dsa> (Minor issue) 
@@ -7136,6 +7144,8 @@ - libpodofo <unfixed> (bug #861560) NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/4 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844 + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845 CVE-2017-6842 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in ...) - libpodofo <unfixed> (bug #861559) [wheezy] - libpodofo <no-dsa> (Minor issue) @@ -7144,6 +7154,8 @@ NOTE: and the worst case is a DoS. NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/3 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-colorchangergetcolorfromstack-colorchanger-cpp + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844 + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845 CVE-2017-6841 (The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement ...) - libpodofo <unfixed> (bug #861558) [wheezy] - libpodofo <no-dsa> (Minor issue) @@ -7160,6 +7172,8 @@ NOTE: and the worst case is a DoS. NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/1 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-invalid-memory-read-in-colorchangergetcolorfromstack-colorchanger-cpp + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844 + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845 CVE-2017-6426 RESERVED NOT-FOR-US: Qualcomm driver for Android 
@@ -9433,6 +9447,7 @@ [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1843 CVE-2017-5854 (base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to ...) {DLA-929-1} - libpodofo 0.9.4-5 (bug #854602) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
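Review bot: the NOTE lines added in the hunks from @@ -4361,6 +4362,7 @@ through @@ -9433,6 +9447,7 @@ link to http://sourceforge.net/p/podofo/code/..., while the one added at @@ -2497,6 +2497,7 @@ uses https://sourceforge.net/p/podofo/code/1849. Use the https form in all of them, so the references are uniform and anyone following a link to fetch a fix for backporting retrieves it over TLS.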
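Review bot: the hunks at @@ -7136,6 +7144,8 @@, @@ -7144,6 +7154,8 @@ and @@ -7160,6 +7172,8 @@ attach the same pair of revisions (code/1844 and code/1845) to three entries without saying what each revision contributes. The first entry's reference describes a heap-based buffer overflow in PdfVariant DelayedLoad, while the other two concern ColorChanger::GetColorFromStack, so a backporter cannot tell from the NOTE lines whether both revisions are required for every issue or whether one is a follow-up to the other. State that in the NOTE text, either that both are needed or which revision addresses which issue.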