[Secure-testing-commits] r50445 - data/CVE

[Mattia Rizzolo]

Author: mattia
Date: 2017-04-07 19:03:31 +0000 (Fri, 07 Apr 2017)
New Revision: 50445

Modified:
   data/CVE/list
Log:
Add 3 upstream commits for libpodofo issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-04-07 18:51:07 UTC (rev 50444)
+++ data/CVE/list       2017-04-07 19:03:31 UTC (rev 50445)
@@ -4832,6 +4832,7 @@
        [jessie] - libpodofo <no-dsa> (Minor issue)
        NOTE: 
https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp
        NOTE: 
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/1623824.EtgW9yDooZ%40blackgate/#msg35644693
+       NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1837
 CVE-2017-5877 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated 
attack ...)
        NOT-FOR-US: dotCMS
 CVE-2017-5876 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated 
attack ...)
@@ -5378,6 +5379,7 @@
        [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: 
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp
        NOTE: 
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
+       NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1836
 CVE-2017-5853 (Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows 
remote ...)
        - libpodofo <unfixed> (bug #854601)
        [jessie] - libpodofo <no-dsa> (Minor issue)
@@ -5391,6 +5393,7 @@
        [wheezy] - libpodofo <no-dsa> (Minor issue)
        NOTE: 
https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp
        NOTE: 
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
+       NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1835
 CVE-2017-5849 (tiffttopnm in netpbm 10.47.63 does not properly use the libtiff 
...)
        - netpbm-free <not-affected> (vulnerable code not present)
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/02/2


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits