[Git][security-tracker-team/security-tracker][master] 2 commits: CVE for mupdf will be fixed

Sat, 25 Jul 2020 15:10:11 -0700 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eb489ac4 by Thorsten Alteholz at 2020-07-26T00:07:47+02:00
CVE for mupdf will be fixed

- - - - -
270b89bb by Thorsten Alteholz at 2020-07-26T00:08:41+02:00
Reserve DLA-2289-1 for mupdf

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -81022,7 +81022,6 @@ CVE-2019-6131 (svg-run.c in Artifex MuPDF 1.14.0 has 
infinite recursion with sta
 CVE-2019-6130 (Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of 
the fi ...)
        {DLA-1838-1}
        - mupdf 1.14.0+ds1-3 (bug #918971)
-       [stretch] - mupdf <no-dsa> (Minor issue)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700446
        NOTE: 
http://www.ghostscript.com/cgi-bin/findgit.cgi?faf47b94e24314d74907f3f6bc874105f2c962ed
 CVE-2019-6129 (** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 
has a  ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Jul 2020] DLA-2289-1 mupdf - security update
+       {CVE-2018-16647 CVE-2018-16648 CVE-2018-18662 CVE-2019-6130 
CVE-2019-13290}
+       [stretch] - mupdf 1.9a+ds1-4+deb9u5
 [25 Jul 2020] DLA-2288-1 qemu - security update
        {CVE-2017-9503 CVE-2019-12068 CVE-2019-20382 CVE-2020-1983 
CVE-2020-8608 CVE-2020-10756 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 
CVE-2020-13754 CVE-2020-13765 CVE-2020-15863}
        [stretch] - qemu 1:2.8+dfsg-6+deb9u10


=====================================
data/dla-needed.txt
=====================================
@@ -106,10 +106,6 @@ mumble
   NOTE: 20200504: discussion going on with [email protected] and mumble 
maintainer (abhijith)
   NOTE: 20200723: https://lists.debian.org/debian-lts/2020/05/msg00008.html 
(abhijith)
 --
-mupdf (Thorsten Alteholz)
-  NOTE: 20200708: Vulnerable to at least CVE-2019-13290. (lamby)
-  NOTE: 20200719: testing package (thorsten)
---
 node-lodash
 --
 nss (Adrian Bunk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/594753c3b3c72b077c67a3bbac510b31c7d76725...270b89bb4c6a6817c08e2d8a138a1b7963c673b8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/594753c3b3c72b077c67a3bbac510b31c7d76725...270b89bb4c6a6817c08e2d8a138a1b7963c673b8
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to