Author: mattia
Date: 2017-05-18 20:43:58 +0000 (Thu, 18 May 2017)
New Revision: 51728
Modified:
data/CVE/list
Log:
get rid of this podofo issue, Mitre decided it's not CVE-worthy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-18 20:31:13 UTC (rev 51727)
+++ data/CVE/list 2017-05-18 20:43:58 UTC (rev 51728)
@@ -9560,13 +9560,6 @@
NOT-FOR-US: espeak-ruby Ruby gem
CVE-2016-10194 (The festivaltts4r gem for Ruby allows remote attackers to
execute ...)
NOT-FOR-US: festivaltts4r
-CVE-2017-XXXX [podofo: NULL pointer dereference in PdfInfo::GuessFormat
(pdfinfo.cpp)]
- - libpodofo <unfixed> (bug #854605)
- [jessie] - libpodofo <no-dsa> (Minor issue)
- [wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE:
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfinfoguessformat-pdfinfo-cpp/
- NOTE:
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
- NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2017/02/02/21
CVE-2015-8981 (Heap-based buffer overflow in the PdfParser::ReadXRefSubsection
...)
{DLA-929-1}
- libpodofo 0.9.4-1 (bug #854599)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
