Mattia Rizzolo pushed to branch master at Debian Security Tracker / security-tracker
Commits: c20878eb by Mattia Rizzolo at 2018-03-11T16:35:55+01:00 add a note with the upstream commits Signed-off-by: Mattia Rizzolo <mat...@debian.org> - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -108,6 +108,7 @@ CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based buffer over-read ...) - libpodofo <unfixed> (bug #892556) NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1549469 NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/14/ + NOTE: Upstream commit: http://sourceforge.net/p/podofo/code/1909 CVE-2018-8000 (In PoDoFo 0.9.5, there exists a heap-based buffer overflow ...) - libpodofo <unfixed> (bug #892520) NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548918 @@ -7770,6 +7771,7 @@ CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer overflow in the ...) [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/podofo/tickets/5/ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532381 + Note: upstream commit: https://sourceforge.net/p/podofo/code/1907 CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the ...) - libpodofo 0.9.5-9 (low) [stretch] - libpodofo <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c20878eb64ce5cb3f1f8cbc8269954e0b50c715a --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c20878eb64ce5cb3f1f8cbc8269954e0b50c715a You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits