Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f691202 by Salvatore Bonaccorso at 2019-08-16T04:06:05Z
Add CVE-2019-14975/mupdf

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -318,7 +318,10 @@ CVE-2019-14977
 CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords 
parameter ...)
        NOT-FOR-US: idreamsoft iCMS
 CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read 
in fz_ch ...)
-       TODO: check
+       - mupdf <not-affected> (Vulnerable code introduced later)
+       NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701292
+       NOTE: Introduced by: 
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=abcb3e68670ebc2e5127953462a026fe1a5dd321
 (1.16.0-rc1)
+       NOTE: Fixed by: 
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=97096297d409ec6f206298444ba00719607e8ba8
 (1.16.0)
 CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows 
mobile/error-not-supported-platform.h ...)
        NOT-FOR-US: SugarCRM
 CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF 
through ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f691202e228559b35401e0e15a122a42db330d3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f691202e228559b35401e0e15a122a42db330d3
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to