Author: apo
Date: 2017-11-18 17:52:46 +0000 (Sat, 18 Nov 2017)
New Revision: 57786
Modified: data/CVE/list
Log:
CVE-2017-14929,poppler: Mark as ignored for Wheezy

The vulnerability (infinite loop) is not reproducible with the provided POC in Wheezy. The code looks similar although it differs in function names (drawform -> doform1) and function parameters. The fix requires an API change. It is not clear to me whether the package in Wheezy is still affected but following upstream's fix would require a rebuild of all reverse-dependencies. I'm going to mark this issue as ignored because it is not clear if the fix is needed and the current solution is probably too intrusive to backport.

Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-18 17:14:24 UTC (rev 57785) +++ data/CVE/list 2017-11-18 17:52:46 UTC (rev 57786) @@ -5682,6 +5682,7 @@ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a26a013f22a19e2c16729e64f40ef8a7dfcc086e CVE-2017-14929 (In Poppler 0.59.0, memory corruption occurs in a call to ...) - poppler <unfixed> (bug #877222) + [wheezy] - poppler <ignored> (unreproducible, requires API change which appears to be too intrusive in this case.) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102969 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2c92c7b6a828c9db8a38f079ea7a3d51c12a481d CVE-2017-14928 (In Poppler 0.59.0, a NULL Pointer Dereference exists in ...)
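
Review bot: The reason on the added `[wheezy]` line says "unreproducible", which a later reader can take to mean Wheezy is not affected, while the log message says similar code is present (doform1 in place of drawform) and that it is not clear whether the package is still affected. Suggest wording the reason so it records that only the provided POC fails to trigger the loop and that affectedness is undetermined, so the `<ignored>` entry is not mistaken for a not-affected one. Style point on the same line: the full stop inside the closing parenthesis could be dropped to match the parenthesised note on the neighbouring line, `(bug #877222)`.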