[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update xpdf CVEs

Tue, 20 Feb 2018 03:34:50 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
afaae930 by Salvatore Bonaccorso at 2018-02-20T12:32:52+01:00
Update xpdf CVEs

Thanks: Florian Schlichting

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -223,17 +223,20 @@ CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF 
flaw, which leads to ad
        [wheezy] - frontaccounting <end-of-life> (unsupported in wheezy, 
already vulnerable to SQL injection in CVE-2014-3973)
        NOTE: 
https://securitywarrior9.blogspot.ca/2018/02/cross-site-request-forgery-front.html
 CVE-2018-7175 (An issue was discovered in xpdf 4.00. A NULL pointer 
dereference in ...)
-       - xpdf <undetermined>
+       - xpdf <unfixed> (unimportant)
        NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
-       TODO: check
+       NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+       TODO: check, poppler
 CVE-2018-7174 (An issue was discovered in xpdf 4.00. An infinite loop in 
XRef::Xref ...)
-       - xpdf <undetermined>
+       - xpdf <unfixed> (unimportant)
        NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=605
-       TODO: check
+       NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+       TODO: check, poppler
 CVE-2018-7173 (A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 
allows an ...)
-       - xpdf <undetermined>
+       - xpdf <unfixed> (unimportant)
        NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=607
-       TODO: check
+       NOTE: src:xpdf switched to use system poppler libary in 3.02-3
+       TODO: check, poppler
 CVE-2018-1000068 (An improper input validation vulnerability exists in Jenkins 
versions ...)
        - jenkins <removed>
 CVE-2018-1000067 (An improper authorization vulnerability exists in Jenkins 
versions ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/afaae930856525732edb927dfba3b46f59569071

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/afaae930856525732edb927dfba3b46f59569071
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to