Author: mattia
Date: 2017-05-16 13:52:56 +0000 (Tue, 16 May 2017)
New Revision: 51681
Modified:
data/CVE/list
Log:
link upstream fixes for podofo issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-16 13:04:18 UTC (rev 51680)
+++ data/CVE/list 2017-05-16 13:52:56 UTC (rev 51681)
@@ -2497,6 +2497,7 @@
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: https://github.com/icepng/PoC/tree/master/PoC1
NOTE: https://icepng.github.io/2017/04/21/PoDoFo-1/
+ NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1849
CVE-2017-7993
RESERVED
CVE-2017-7992 (Heartland Payment Systems Payment Gateway PHP SDK
hps/heartland-php ...)
@@ -4361,6 +4362,7 @@
NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows
remote ...)
- libpodofo <unfixed> (bug #859329)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -4369,6 +4371,7 @@
NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote
attackers ...)
- libpodofo <unfixed> (bug #859329)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -4377,6 +4380,7 @@
NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote
attackers ...)
- libpodofo <unfixed> (bug #859329)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -4385,6 +4389,7 @@
NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in
...)
{DLA-929-1}
- libpodofo 0.9.4-5 (bug #859331)
@@ -4397,6 +4402,7 @@
NOTE: services that use this library (apart from desktop applications)
NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/1
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1847
CVE-2017-7377 (The (1) v9fs_create and (2) v9fs_lcreate functions in
hw/9pfs/9p.c in ...)
- qemu 1:2.8+dfsg-4 (bug #859854)
[jessie] - qemu <no-dsa> (Minor issue)
@@ -7102,6 +7108,7 @@
NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/9
NOTE:
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in
PoDoFo ...)
- libpodofo <unfixed> (bug #861564)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -7110,6 +7117,7 @@
NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/8
NOTE:
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
CVE-2017-6846 (The
GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace ...)
- libpodofo <unfixed> (bug #861563)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -7136,6 +7144,8 @@
- libpodofo <unfixed> (bug #861560)
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/4
NOTE:
https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6842 (The ColorChanger::GetColorFromStack function in
colorchanger.cpp in ...)
- libpodofo <unfixed> (bug #861559)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -7144,6 +7154,8 @@
NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/3
NOTE:
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-colorchangergetcolorfromstack-colorchanger-cpp
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6841 (The
GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement ...)
- libpodofo <unfixed> (bug #861558)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -7160,6 +7172,8 @@
NOTE: and the worst case is a DoS.
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/1
NOTE:
https://blogs.gentoo.org/ago/2017/03/02/podofo-invalid-memory-read-in-colorchangergetcolorfromstack-colorchanger-cpp
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6426
RESERVED
NOT-FOR-US: Qualcomm driver for Android
@@ -9433,6 +9447,7 @@
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE:
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
NOTE:
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1843
CVE-2017-5854 (base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote
attackers to ...)
{DLA-929-1}
- libpodofo 0.9.4-5 (bug #854602)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
