Open Spaky opened 3 weeks ago
Hello,
we should update the libpng and zlib sources, which are part of the PDF component, because the currently included versions have several CVEs. PDF in poco 1.13.3 uses:
| Severity | Vulnerability Id | CVSS 3 Score | Published |
|---|---|---|---|
| Critical | CVE-2022-37434 | 9,8 | 05.08.2022 |
| Critical | CVE-2010-1205 | 9,8 | 30.06.2010 |
| Critical | CVE-2017-12652 | 9,8 | 10.07.2019 |
| High | CVE-2011-2692 | 8,8 | 17.07.2011 |
| High | CVE-2016-10087 | 7,5 | 30.01.2017 |
| High | CVE-2015-8472 | 7,3 | 21.01.2016 |
| Medium | WS-2020-0368 | 6,5 | 22.02.2020 |
| Medium | CVE-2010-2249 | 6,5 | 30.06.2010 |
| Medium | CVE-2011-2501 | 6,5 | 17.07.2011 |
| Medium | CVE-2011-2691 | 6,5 | 17.07.2011 |
| Medium | CVE-2008-6218 | 5,9 | 20.02.2009 |
| Medium | CVE-2011-3048 | 5,6 | 29.05.2012 |
| Medium | CVE-2011-3045 | 5,6 | 22.03.2012 |
| Medium | CVE-2015-7981 | 5,3 | 24.11.2015 |
| Medium | CVE-2015-2158 | 4,9 | 06.10.2017 |
| Low | CVE-2010-0205 | 3,7 | 03.03.2010 |
| Low | CVE-2008-3964 | 3,7 | 11.09.2008 |
| Low | CVE-2012-3425 | 3,7 | 13.08.2012 |
Maybe libharu 2.2.0 should also be updated.