Mattia Rizzolo pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c20878eb by Mattia Rizzolo at 2018-03-11T16:35:55+01:00
add a note with the upstream commits
Signed-off-by: Mattia Rizzolo <mat...@debian.org>
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -108,6 +108,7 @@ CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based
buffer over-read ...)
- libpodofo <unfixed> (bug #892556)
NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1549469
NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/14/
+ NOTE: Upstream commit: http://sourceforge.net/p/podofo/code/1909
CVE-2018-8000 (In PoDoFo 0.9.5, there exists a heap-based buffer overflow ...)
- libpodofo <unfixed> (bug #892520)
NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548918
@@ -7770,6 +7771,7 @@ CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer
overflow in the ...)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/podofo/tickets/5/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532381
+ Note: upstream commit: https://sourceforge.net/p/podofo/code/1907
CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the
...)
- libpodofo 0.9.5-9 (low)
[stretch] - libpodofo <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c20878eb64ce5cb3f1f8cbc8269954e0b50c715a
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c20878eb64ce5cb3f1f8cbc8269954e0b50c715a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
