Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debian.org>;
Reported by: Guido Günther <agx@sigxcpu.org>
Date: Sat, 4 Feb 2017 10:51:02 UTC
Severity: important
Tags: fixed-upstream, security, upstream
Found in versions 0.9.4-5, 0.9.0-1.1
Fixed in version 0.9.5-9
Done: Mattia Rizzolo <mattia@debian.org>
Bug is archived. No further changes may be made.
Forwarded to https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
Outlook: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp/
View this report as an mbox folder, status mbox, maintainer mbox
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Set Bug forwarded-to-address to 'https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469'.
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Sat, 04 Feb 2017 14:06:07 GMT) (full text, mbox, link).
Severity set to 'important' from 'serious'
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Wed, 08 Feb 2017 16:21:10 GMT) (full text, mbox, link).
Added tag(s) upstream.
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Wed, 08 Feb 2017 16:21:11 GMT) (full text, mbox, link).
Bug 854118 cloned as bugs 854599, 854600, 854601, 854602, 854603, 854604, 854605
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Wed, 08 Feb 2017 16:21:11 GMT) (full text, mbox, link).
Changed Bug title to 'libpodofo: CVE-2017-5854 - NULL pointer dereference in PdfOutputStream.cpp' from 'Multiple issues in libpodofo'.
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Wed, 08 Feb 2017 16:21:14 GMT) (full text, mbox, link).
Changed Bug forwarded-to-address to 'https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936' from 'https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469'.
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Wed, 08 Feb 2017 16:21:24 GMT) (full text, mbox, link).
Outlook recorded from message bug 854602 message
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Wed, 08 Feb 2017 16:21:24 GMT) (full text, mbox, link).
Message #22 received at 854602@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
[signature.asc (application/pgp-signature, inline)]
Added tag(s) fixed-upstream.
Request was from Mattia Rizzolo <mattia@debian.org>
to 854602-submit@bugs.debian.org
.
(Fri, 07 Apr 2017 19:03:08 GMT) (full text, mbox, link).
Marked as fixed in versions 0.9.0-1.1+deb7u1.
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Sun, 30 Apr 2017 18:57:13 GMT) (full text, mbox, link).
Marked as found in versions 0.9.0-1.1.
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Sun, 30 Apr 2017 19:03:06 GMT) (full text, mbox, link).
Message sent on
to Guido Günther <agx@sigxcpu.org>
:
Bug#854602.
(Wed, 03 May 2017 09:51:10 GMT) (full text, mbox, link).
Message #31 received at 854602-submitter@bugs.debian.org (full text, mbox, reply):
Added tag(s) pending.
Request was from Mattia Rizzolo <mattia@debian.org>
to 854602-submitter@bugs.debian.org
.
(Wed, 03 May 2017 09:51:10 GMT) (full text, mbox, link).
Reply sent
to Mattia Rizzolo <mattia@debian.org>
:
You have taken responsibility.
(Wed, 03 May 2017 10:06:06 GMT) (full text, mbox, link).
Message #38 received at 854602-close@bugs.debian.org (full text, mbox, reply):
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sat, 17 Jun 2017 07:24:51 GMT) (full text, mbox, link).
Bug unarchived.
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Fri, 15 Jun 2018 08:39:08 GMT) (full text, mbox, link).
Marked as found in versions 0.9.4-5; no longer marked as fixed in versions libpodofo/0.9.4-5 and reopened.
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Fri, 15 Jun 2018 08:39:08 GMT) (full text, mbox, link).
Marked as fixed in versions 0.9.5-9.
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Fri, 15 Jun 2018 08:39:09 GMT) (full text, mbox, link).
Changed Bug title to 'libpodofo: CVE-2017-5854/CVE-2018-5308 - NULL pointer dereference in PdfOutputStream.cpp' from 'libpodofo: CVE-2017-5854 - NULL pointer dereference in PdfOutputStream.cpp'.
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Fri, 15 Jun 2018 08:39:11 GMT) (full text, mbox, link).
No longer marked as fixed in versions 0.9.0-1.1+deb7u1.
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Fri, 15 Jun 2018 08:51:03 GMT) (full text, mbox, link).
Marked Bug as done
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org
.
(Fri, 15 Jun 2018 08:51:04 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sat, 14 Jul 2018 07:24:55 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.