Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d66d0416 by Thorsten Alteholz at 2018-03-14T16:06:59+01:00
mark CVEs for libpodofo as no-das
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -277,12 +277,14 @@ CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite
loop vulnerability in .
- libpodofo <unfixed> (low; bug #892557)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
+ [wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548930
NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/15/
CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based buffer over-read ...)
- libpodofo <unfixed> (low; bug #892556)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
+ [wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1549469
NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/14/
NOTE: Upstream commit: http://sourceforge.net/p/podofo/code/1909
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d66d04163462e41d42ca2f65b33fd374b692d8d6
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d66d04163462e41d42ca2f65b33fd374b692d8d6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
