FS#61651 : [podofo] [Security] denial of service (CVE-2018-20751)

FS#61651 - [podofo] [Security] denial of service (CVE-2018-20751)

Attached to Project: Community Packages
Opened by Morten Linderud (Foxboron) - Wednesday, 06 February 2019, 12:25 GMT
Last edited by Jelle van der Waa (jelly) - Saturday, 13 February 2021, 12:57 GMT

Task Type	Bug Report
Category	Packages
Status	Closed
Assigned To	Jelle van der Waa (jelly) Levente Polyak (anthraxx)
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Summary
=======

The package podofo is vulnerable to denial of service via CVE-2018-20751.

Guidance
========

Apply patch from svn revision 1954.

References
==========

https://security.archlinux.org/AVG-867
https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-crop_page-podofo-0-9-6/
https://sourceforge.net/p/podofo/tickets/33/
https://sourceforge.net/p/podofo/code/1954

This task depends upon

Closed by Jelle van der Waa (jelly)
Saturday, 13 February 2021, 12:57 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 0.9.7-1

Comment by loqs (loqs) - Monday, 12 August 2019, 15:10 GMT

In addition to CVE-2018-20751 the PKGBUILD also merges revisions for
CVE-2017-7381 AVG-216
CVE-2017-7382 AVG-216
CVE-2017-7383 AVG-216
CVE-2018-11256
CVE-2017-8054 CVE-2018-11254
cmake3-12 compatibility avoids having to create test/TokenizerTest/objects before make
pkgconfig fixes generated .pc
openssl1-1-0g possible incompatibility
CVE-2018-12982
CVE-2018-12982
CVE-2018-5783
CVE-2018-19532
CVE-2018-11255
CVE-2018-14320
heap overflow
CVE-2019-9687
CVE-2019-9199
nullptr * 5 (2 disabled as causal revision is not merged)
infinite recursion

PKGBUILD (1.9 KiB)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#61651 - [podofo] [Security] denial of service (CVE-2018-20751)

Details

Loading...