Author: mattia Date: 2017-05-03 10:37:46 +0000 (Wed, 03 May 2017) New Revision: 51306
Modified: data/CVE/list Log: record libpodofo fixes Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-03 10:15:32 UTC (rev 51305) +++ data/CVE/list 2017-05-03 10:37:46 UTC (rev 51306) @@ -2978,7 +2978,7 @@ NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1 CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in ...) {DLA-929-1} - - libpodofo <unfixed> (bug #859331) + - libpodofo 0.9.4-5 (bug #859331) NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/2 NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1842/ CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo ...) @@ -5708,7 +5708,7 @@ NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp CVE-2017-6844 (Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function ...) {DLA-929-1} - - libpodofo <unfixed> (bug #861561) + - libpodofo 0.9.4-5 (bug #861561) NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/5 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/ @@ -7442,7 +7442,7 @@ NOTE: Introduced by: https://github.com/torvalds/linux/commit/952fc18ef9ec707ebdc16c0786ec360295e5ff15 (3.6-rc1) CVE-2017-5886 (Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken ...) {DLA-929-1} - - libpodofo <unfixed> (bug #854604) + - libpodofo 0.9.4-5 (bug #854604) [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/1623824.EtgW9yDooZ%40blackgate/#msg35644693 @@ -7993,14 +7993,14 @@ NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 CVE-2017-5854 (base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to ...) {DLA-929-1} - - libpodofo <unfixed> (bug #854602) + - libpodofo 0.9.4-5 (bug #854602) [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1836 CVE-2017-5853 (Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote ...) {DLA-929-1} - - libpodofo <unfixed> (bug #854601) + - libpodofo 0.9.4-5 (bug #854601) [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits