Summary: | <app-text/poppler-0.55.0: Multiple Vulnerabilities (CVE-2017-{9406,9408}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Volkan <vBugZilla> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | printing, reavertm, sudormrfhalt |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1458702, https://bugzilla.redhat.com/show_bug.cgi?id=1458701 | ||
See Also: |
https://bugs.freedesktop.org/show_bug.cgi?id=100776 https://bugs.freedesktop.org/show_bug.cgi?id=100775 |
||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: |
app-text/poppler-0.56.0
|
Runtime testing required: | --- |
Bug Depends on: | 627390 | ||
Bug Blocks: |
Description
Volkan
2017-06-21 22:42:02 UTC
These have been addressed in 0.56.0, which is available in tree. There's another fix https://cgit.freedesktop.org/poppler/poppler/commit/?id=3a2759aa2a98c2157cb35731b95e393b8882f8d3 but that seems to point to a wrong CVE. @ Maintainer(s): Can we start stabilization of =app-text/poppler-0.56.0? (In reply to Thomas Deutschmann from comment #3) > @ Maintainer(s): Can we start stabilization of =app-text/poppler-0.56.0? I'm suggesting we move forward with 0.57.0 in bug #627390. Setting dependency as per suggestion These were actually fixed in 0.55 Added to existing GLSA KDE work done. This issue was resolved and addressed in GLSA 201801-17 at https://security.gentoo.org/glsa/201801-17 by GLSA coordinator Aaron Bauman (b-man). |