Author: opal
Date: 2017-06-05 13:32:29 +0000 (Mon, 05 Jun 2017)
New Revision: 52323
Modified: data/CVE/list
Log:
Marked two CVEs for libpodofo as no-dsa. They were minor issues as the problem could not be seen in wheezy. The program exited earlier than this.

Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-06-05 12:54:09 UTC (rev 52322) +++ data/CVE/list 2017-06-05 13:32:29 UTC (rev 52323) @@ -2002,7 +2002,9 @@ NOT-FOR-US: Accellion FTA devices CVE-2017-8787 (The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in ...) - libpodofo <unfixed> (bug #861738) + [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: Possible unspecified impact. Needs further analysis. + NOTE: Proposed patch (for wheezy) attached to bug #861738. CVE-2017-8786 (pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of ...) - pcre2 <unfixed> (unimportant; bug #861873) NOTE: https://bugs.exim.org/show_bug.cgi?id=2079 @@ -2949,7 +2951,9 @@ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=fa18f36a461984eae50ab957e47ec78dae3c14fc CVE-2017-8378 (Heap-based buffer overflow in the PdfParser::ReadObjects function in ...) - libpodofo <unfixed> (bug #861597) + [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects + NOTE: Proposed patch (for wheezy) attached to bug #861597. CVE-2017-8377 (GeniXCMS 1.0.2 has SQL Injection in ...) NOT-FOR-US: GeniXCMS CVE-2017-8376 (GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is ...)
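Review bot: In the CVE-2017-8787 hunk, the new `[wheezy] - libpodofo <no-dsa> (Minor issue)` line records no reason for the triage decision, while the unchanged NOTE next to it still reads "Possible unspecified impact. Needs further analysis." The justification exists only in the commit log (the problem could not be seen in wheezy because the program exits earlier). Carry it into the entry, for example `(Minor issue; not seen in wheezy, program exits earlier)`, or add a NOTE to that effect, so the no-dsa tag can be understood from data/CVE/list alone and does not sit unexplained beside "Needs further analysis".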
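Review bot: In the CVE-2017-8378 hunk, the added `NOTE: Proposed patch (for wheezy) attached to bug #861597.` reads oddly against the log's statement that the problem could not be seen in wheezy, and the entry does not say what the patch is for. The description is a heap-based buffer overflow in PdfParser::ReadObjects, so `(Minor issue)` on its own gives a later reader no basis for the downgrade. Suggest stating the wheezy-specific reason in the parenthetical or in a NOTE, and saying in the patch NOTE whether the patch fixes a path that can be reached or is only precautionary.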