[Secure-testing-commits] r51306 - data/CVE

Mattia Rizzolo Wed, 03 May 2017 03:39:32 -0700

Author: mattia
Date: 2017-05-03 10:37:46 +0000 (Wed, 03 May 2017)
New Revision: 51306


Modified:
   data/CVE/list
Log:
record libpodofo fixes

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-03 10:15:32 UTC (rev 51305)
+++ data/CVE/list       2017-05-03 10:37:46 UTC (rev 51306)
@@ -2978,7 +2978,7 @@
        NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1
 CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in 
...)
        {DLA-929-1}
-       - libpodofo <unfixed> (bug #859331)
+       - libpodofo 0.9.4-5 (bug #859331)
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/2
        NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1842/
 CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp 
in PoDoFo ...)
@@ -5708,7 +5708,7 @@
        NOTE: 
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp
 CVE-2017-6844 (Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection 
function ...)
        {DLA-929-1}
-       - libpodofo <unfixed> (bug #861561)
+       - libpodofo 0.9.4-5 (bug #861561)
        NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/5
        NOTE: 
https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
        NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/
@@ -7442,7 +7442,7 @@
        NOTE: Introduced by: 
https://github.com/torvalds/linux/commit/952fc18ef9ec707ebdc16c0786ec360295e5ff15
 (3.6-rc1)
 CVE-2017-5886 (Heap-based buffer overflow in the 
PoDoFo::PdfTokenizer::GetNextToken ...)
        {DLA-929-1}
-       - libpodofo <unfixed> (bug #854604)
+       - libpodofo 0.9.4-5 (bug #854604)
        [jessie] - libpodofo <no-dsa> (Minor issue)
        NOTE: 
https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp
        NOTE: 
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/1623824.EtgW9yDooZ%40blackgate/#msg35644693
@@ -7993,14 +7993,14 @@
        NOTE: 
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
 CVE-2017-5854 (base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote 
attackers to ...)
        {DLA-929-1}
-       - libpodofo <unfixed> (bug #854602)
+       - libpodofo 0.9.4-5 (bug #854602)
        [jessie] - libpodofo <no-dsa> (Minor issue)
        NOTE: 
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp
        NOTE: 
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
        NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1836
 CVE-2017-5853 (Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows 
remote ...)
        {DLA-929-1}
-       - libpodofo <unfixed> (bug #854601)
+       - libpodofo 0.9.4-5 (bug #854601)
        [jessie] - libpodofo <no-dsa> (Minor issue)
        NOTE: 
https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp
        NOTE: 
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r51306 - data/CVE

Reply via email to