[Secure-testing-team] Bug#877957: poppler: CVE-2017-14975: NULL pointer dereference in FoFiType1C::convertToType0

Source: poppler Version: 0.57.0-2 Severity: important Tags: patch security upstream Forwarded: https://bugs.freedesktop.org/show_bug.cgi?id=102653 Hi, the following vulnerability was published for poppler. CVE-2017-14975[0]: | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler

[Secure-testing-team] Bug#877954: poppler: CVE-2017-14976: heap overflow in FoFiType1C::convertToType0

Source: poppler Version: 0.57.0-2 Severity: important Tags: security patch upstream Forwarded: https://bugs.freedesktop.org/show_bug.cgi?id=102724 Hi, the following vulnerability was published for poppler. CVE-2017-14976[0]: | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler

[Secure-testing-team] Bug#877952: poppler: CVE-2017-14977: NULL pointer dereference in FoFiTrueType::getCFFBlock

Source: poppler Version: 0.57.0-2 Severity: important Tags: patch security upstream Forwarded: https://bugs.freedesktop.org/show_bug.cgi?id=103045 Hi, the following vulnerability was published for poppler. CVE-2017-14977[0]: | The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler

[Secure-testing-team] Bug#877921: koji: CVE-2017-1002153: Possible to bypass allowed_scm blacklist

Source: koji Version: 1.10.0-1 Severity: important Tags: security upstream patch Hi, the following vulnerability was published for koji. CVE-2017-1002153[0]: | Koji 1.13.0 does not properly validate SCM paths, allowing an attacker | to work around blacklisted paths for build submission. If you