Update information for CVE-2020-35702/poppler

author: Salvatore Bonaccorso <carnil@debian.org> 2020-12-25 14:37:48 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-12-25 14:37:48 +0100
commit: aea4bf288ce1aa8ea9293b6052ebb743aa861c5f (patch)
tree: 3b1439cf3638bc1c83e69ecc581b86768e834dab /data
parent: d65dabd0e58058fd23e811035614d4cc804d76b8 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/data/CVE/list b/data/CVE/list
index a477bab107..33b834db13 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11,10 +11,10 @@ CVE-2020-35704 (Daybyday 2.1.0 allows stored XSS via the Title parameter to the
 CVE-2020-35703
 	RESERVED
 CVE-2020-35702 (DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-base ...)
-	- poppler <undetermined>
+	- poppler <not-affected> (Vulnerable code introduced later)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011
-	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/ae614bf8ab42c9d0c7ac57ecdfdcbcfc4ff6c639
-	TODO: check
+	NOTE: Introduced by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1c3ded779582aef5f2cbaf29bc5da7a8eae6f69
+	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/ae614bf8ab42c9d0c7ac57ecdfdcbcfc4ff6c639
 CVE-2020-35701
 	RESERVED
 CVE-2020-35700
author	Salvatore Bonaccorso <carnil@debian.org>	2020-12-25 14:37:48 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-12-25 14:37:48 +0100
commit	aea4bf288ce1aa8ea9293b6052ebb743aa861c5f (patch)
tree	3b1439cf3638bc1c83e69ecc581b86768e834dab /data
parent	d65dabd0e58058fd23e811035614d4cc804d76b8 (diff)