File _patchinfo of Package patchinfo.35911
<patchinfo incident="35911">
<issue tracker="bnc" id="1027776">VUL-1: CVE-2017-6849: podofo: NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp)</issue>
<issue tracker="bnc" id="1027785">VUL-1: CVE-2017-6842: podofo: NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp)</issue>
<issue tracker="bnc" id="1027779">VUL-1: CVE-2017-6845: podofo: NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h)</issue>
<issue tracker="bnc" id="1075322">VUL-1: CVE-2018-5309: podofo: integer overflow caused by out-of-range left shift in readUInt32 (util/read.c)</issue>
<issue tracker="bnc" id="1037000">VUL-1: CVE-2017-8378: podofo: denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp)</issue>
<issue tracker="bnc" id="1027787">VUL-1: CVE-2017-6840: podofo: invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp)</issue>
<issue tracker="bnc" id="1023190">VUL-1: CVE-2015-8981: podofo: heap overflow in the function ReadXRefSubsection</issue>
<issue tracker="bnc" id="1023072">VUL-1: podofo: NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp)</issue>
<issue tracker="bnc" id="1084894">VUL-0: CVE-2018-8001: podofo: Heap overflow read vulnerability in function UnescapeName() in PdfName.cpp</issue>
<issue tracker="bnc" id="1027786">VUL-1: CVE-2017-6841: podofo: NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h)</issue>
<issue tracker="cve" id="2017-6849"/>
<issue tracker="cve" id="2017-6845"/>
<issue tracker="cve" id="2017-8378"/>
<issue tracker="cve" id="2017-6841"/>
<issue tracker="cve" id="2015-8981"/>
<issue tracker="cve" id="2018-8001"/>
<issue tracker="cve" id="2017-6840"/>
<issue tracker="cve" id="2017-6842"/>
<issue tracker="cve" id="2018-5309"/>
<packager>alarrosa</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for podofo</summary>
<description>This update for podofo fixes the following issues:
- CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection (bsc#1023190)
- CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027787)
- CVE-2017-6841: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) (bsc#1027786)
- CVE-2017-6842: Fixed NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027785)
- CVE-2017-6845: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) (bsc#1027779)
- CVE-2017-6849: Fixed NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) (bsc#1027776)
- CVE-2017-8378: Fixed denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects function in base/PdfParser.cpp) (bsc#1037000)
- Fixed NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) (bsc#1023072)
</description>
</patchinfo>