Summary: | app-text/podofo: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | tonemgub |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | zmedico |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceforge.net/p/podofo/code/commit_browser | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
tonemgub
2018-03-13 20:26:31 UTC
Zac could you confirm if we are affected by those vulns? Thank you. CVE-2018-8001: https://sourceforge.net/p/podofo/tickets/14/ https://sourceforge.net/p/podofo/code/1909 (fix) CVE-2018-6352: https://sourceforge.net/p/podofo/tickets/3/ (open) CVE-2018-5309: https://sourceforge.net/p/podofo/tickets/5/ https://sourceforge.net/p/podofo/code/1907 (fix) CVE-2018-5308: https://sourceforge.net/p/podofo/code/1876/ (fix) I've added a podofo-0.9.6_p20180715 ebuild which includes fixes for CVE-2018-5308, CVE-2018-5309, and CVE-2018-8001, but CVE-2018-6352 remains unfixed: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=289e000c530215f2c921ea3e21d195b37b390c9c Earlier versions are affected by all 4 issues. GLSA Vote: No Thank you all for you work. Closing as [noglsa]. |