FS#61651 - [podofo] [Security] denial of service (CVE-2018-20751)

Attached to Project: Community Packages
Opened by Morten Linderud (Foxboron) - Wednesday, 06 February 2019, 12:25 GMT
Last edited by Jelle van der Waa (jelly) - Saturday, 13 February 2021, 12:57 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Jelle van der Waa (jelly), Levente Polyak (anthraxx)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Summary
=======

The package podofo is vulnerable to denial of service via CVE-2018-20751.

Guidance
========

Apply patch from svn revision 1954.

References
==========

https://security.archlinux.org/AVG-867
https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-crop_page-podofo-0-9-6/
https://sourceforge.net/p/podofo/tickets/33/
https://sourceforge.net/p/podofo/code/1954

Closed by Jelle van der Waa (jelly)
Saturday, 13 February 2021, 12:57 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 0.9.7-1

Comment by loqs (loqs) - Monday, 12 August 2019, 15:10 GMT
In addition to CVE-2018-20751 the PKGBUILD also merges revisions for
CVE-2017-7381 AVG-216
CVE-2017-7382 AVG-216
CVE-2017-7383 AVG-216
CVE-2018-11256
CVE-2017-8054 CVE-2018-11254
cmake3-12 compatibility avoids having to create test/TokenizerTest/objects before make
pkgconfig fixes generated .pc
openssl1-1-0g possible incompatibility
CVE-2018-12982
CVE-2018-12982
CVE-2018-5783
CVE-2018-19532
CVE-2018-11255
CVE-2018-14320
heap overflow
CVE-2019-9687
CVE-2019-9199
nullptr * 5 (2 disabled as causal revision is not merged)
infinite recursion
   PKGBUILD (1.9 KiB)
