Author: mattia Date: 2017-05-17 13:05:40 +0000 (Wed, 17 May 2017) New Revision: 51694
Modified: data/CVE/list Log: mark fixed versions in some libpodofo CVEs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-17 11:08:37 UTC (rev 51693) +++ data/CVE/list 2017-05-17 13:05:40 UTC (rev 51694) @@ -4375,7 +4375,7 @@ CVE-2017-7384 RESERVED CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote ...) - - libpodofo <unfixed> (bug #859329) + - libpodofo 0.9.4-6 (bug #859329) [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: The motivation for no-dsa in wheezy is that there are no known NOTE: services that use this library (apart from desktop applications) @@ -4384,7 +4384,7 @@ NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4 NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848 CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote ...) - - libpodofo <unfixed> (bug #859329) + - libpodofo 0.9.4-6 (bug #859329) [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: The motivation for no-dsa in wheezy is that there are no known NOTE: services that use this library (apart from desktop applications) @@ -4393,7 +4393,7 @@ NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3 NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848 CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers ...) - - libpodofo <unfixed> (bug #859329) + - libpodofo 0.9.4-6 (bug #859329) [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: The motivation for no-dsa in wheezy is that there are no known NOTE: services that use this library (apart from desktop applications) @@ -4402,7 +4402,7 @@ NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2 NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848 CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers ...) - - libpodofo <unfixed> (bug #859329) + - libpodofo 0.9.4-6 (bug #859329) [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: The motivation for no-dsa in wheezy is that there are no known NOTE: services that use this library (apart from desktop applications) @@ -4416,7 +4416,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/2 NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1842/ CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo ...) - - libpodofo <unfixed> (bug #859330) + - libpodofo 0.9.4-6 (bug #859330) [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: The motivation for no-dsa in wheezy is that there are no known NOTE: services that use this library (apart from desktop applications) @@ -7121,7 +7121,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/10 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp CVE-2017-6848 (The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in ...) - - libpodofo <unfixed> (bug #861565) + - libpodofo 0.9.4-6 (bug #861565) [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: The motivation for no-dsa in wheezy is that there are no known NOTE: services that use this library (apart from desktop applications) @@ -7130,7 +7130,7 @@ NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846 CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...) - - libpodofo <unfixed> (bug #861564) + - libpodofo 0.9.4-6 (bug #861564) [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: The motivation for no-dsa in wheezy is that there are no known NOTE: services that use this library (apart from desktop applications) @@ -7161,13 +7161,13 @@ NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/ CVE-2017-6843 (Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad ...) - - libpodofo <unfixed> (bug #861560) + - libpodofo 0.9.4-6 (bug #861560) NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/4 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844 NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845 CVE-2017-6842 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in ...) - - libpodofo <unfixed> (bug #861559) + - libpodofo 0.9.4-6 (bug #861559) [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: The motivation for no-dsa in wheezy is that there are no known NOTE: services that use this library (apart from desktop applications) @@ -7185,7 +7185,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/2 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h CVE-2017-6840 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in ...) - - libpodofo <unfixed> (bug #861557) + - libpodofo 0.9.4-6 (bug #861557) [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: The motivation for no-dsa in wheezy is that there are no known NOTE: services that use this library (apart from desktop applications) @@ -9443,7 +9443,7 @@ NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/ NOTE: https://sourceforge.net/p/podofo/code/1672 CVE-2017-5855 (The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in ...) - - libpodofo <unfixed> (bug #854603) + - libpodofo 0.9.4-6 (bug #854603) [jessie] - libpodofo <no-dsa> (Minor issue) [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits