Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fd9a9a30 by Salvatore Bonaccorso at 2020-09-03T21:49:42+02:00
Track several poppler issues fixed in unstable
Those were fixed earlier in experimental already and moved to unstable
with the 0.85.0-2 upload. Keep the former experimenal information just
for information.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -75040,7 +75040,7 @@ CVE-2019-14495 (webadmin.c in 3proxy before 0.8.13 has
an out-of-bounds write in
- 3proxy <itp> (bug #718219)
CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a
divide-b ...)
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (bug #933812)
+ - poppler 0.85.0-2 (bug #933812)
[buster] - poppler <ignored> (Minor issue)
[stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <no-dsa> (Minor issue)
@@ -86420,7 +86420,7 @@ CVE-2019-11027 (Ruby OpenID (aka ruby-openid) through
2.8.0 has a remotely explo
NOTE:
https://github.com/openid/ruby-openid/commit/f526132c6cb5d9195351c16ed36dced4ca3db496
CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0
has infini ...)
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (low; bug #926721)
+ - poppler 0.85.0-2 (low; bug #926721)
[buster] - poppler <ignored> (Minor issue)
[stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <ignored> (Minor issue)
@@ -86874,7 +86874,7 @@ CVE-2019-10872 (An issue was discovered in Poppler
0.74.0. There is a heap-based
NOTE:
https://gitlab.freedesktop.org/poppler/poppler/commit/6a1580e84f492b5671d23be98192267bb73de250
CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a
heap-based buffe ...)
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (low; bug #926529)
+ - poppler 0.85.0-2 (low; bug #926529)
[buster] - poppler <postponed> (Revisit when fixed upstream)
[stretch] - poppler <postponed> (Revisit when fixed upstream)
[jessie] - poppler <postponed> (Revisit when fixed upstream)
@@ -89369,7 +89369,7 @@ CVE-2019-9960 (The downloadZip function in
application/controllers/admin/export.
CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier
doesn't che ...)
{DLA-1963-1}
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (low; bug #941776)
+ - poppler 0.85.0-2 (low; bug #941776)
[buster] - poppler <ignored> (Minor issue)
[stretch] - poppler <ignored> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/805
@@ -89558,7 +89558,7 @@ CVE-2019-9904 (An issue was discovered in
lib\cdt\dttree.c in libcdt.a in graphv
NOTE: https://gitlab.com/graphviz/graphviz/issues/1512
CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles
dict mark ...)
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (low; bug #925264)
+ - poppler 0.85.0-2 (low; bug #925264)
[buster] - poppler <ignored> (Minor issue)
[stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <not-affected> (Vulnerable code not present)
@@ -106878,7 +106878,7 @@ CVE-2018-20651 (A NULL pointer dereference was
discovered in elf_link_add_object
CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0
allows atta ...)
{DLA-1939-1}
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (low; bug #917974)
+ - poppler 0.85.0-2 (low; bug #917974)
[buster] - poppler <ignored> (Minor issue)
[stretch] - poppler <ignored> (Minor issue)
NOTE:
https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
@@ -118992,7 +118992,7 @@ CVE-2018-19059 (An issue was discovered in Poppler
0.71.0. There is a out-of-bou
CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a
reachable abort ...)
{DLA-1706-1}
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (low; bug #913177)
+ - poppler 0.85.0-2 (low; bug #913177)
[buster] - poppler <ignored> (Minor issue)
[stretch] - poppler <ignored> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659
@@ -119372,7 +119372,7 @@ CVE-2018-18898 (The email-ingestion feature in Best
Practical Request Tracker 4.
NOTE:
https://github.com/bestpractical/email-address-list/commit/31bd4dc2dfb26fd6a17e4436df3d3c8904856f30
CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory
leak in G ...)
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (low; bug #913164)
+ - poppler 0.85.0-2 (low; bug #913164)
[buster] - poppler <ignored> (Negligible security impact)
[stretch] - poppler <ignored> (Negligible security impact)
[jessie] - poppler <ignored> (Negligible security impact; memory leak)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd9a9a3064f067cdefc20bcf4c6d37eef35f4b4a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd9a9a3064f067cdefc20bcf4c6d37eef35f4b4a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
