Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 37d37bec by Salvatore Bonaccorso at 2020-08-22T07:53:21+02:00 Switch some http://git.ghostscript.com URLS - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -16662,11 +16662,11 @@ CVE-2020-16307 (A null pointer dereference vulnerability in devices/vector/gdevt {DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701822 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f (9.51) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f (9.51) CVE-2020-16306 (A null pointer dereference vulnerability in devices/gdevtsep.c of Arti ...) {DLA-2335-1} - ghostscript 9.51~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804 (9.51) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804 (9.51) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701821 CVE-2020-16305 (A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese ...) {DLA-2335-1} @@ -16676,7 +16676,7 @@ CVE-2020-16305 (A buffer overflow vulnerability in pcx_write_rle() in contrib/ja CVE-2020-16304 (A buffer overflow vulnerability in image_render_color_thresh() in base ...) {DLA-2335-1} - ghostscript 9.51~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209 (9.51) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209 (9.51) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701816 NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger CVE-2020-16303 (A use-after-free vulnerability in xps_finish_image_path() in devices/v ...) @@ -16724,7 +16724,7 @@ CVE-2020-16296 (A buffer overflow vulnerability in GetNumWrongData() in contrib/ CVE-2020-16295 (A null pointer dereference vulnerability in clj_media_size() in device ...) {DLA-2335-1} - ghostscript 9.51~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=2c2dc335c212750e0fb8ae157063bc06cafa8d3e (9.51) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=2c2dc335c212750e0fb8ae157063bc06cafa8d3e (9.51) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701796 CVE-2020-16294 (A buffer overflow vulnerability in epsc_print_page() in devices/gdevep ...) {DLA-2335-1} @@ -16744,12 +16744,12 @@ CVE-2020-16292 (A buffer overflow vulnerability in mj_raster_cmd() in contrib/ja CVE-2020-16291 (A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Softwa ...) {DLA-2335-1} - ghostscript 9.51~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6 (9.51) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6 (9.51) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701787 CVE-2020-16290 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...) {DLA-2335-1} - ghostscript 9.51~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d (9.51) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d (9.51) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701786 CVE-2020-16289 (A buffer overflow vulnerability in cif_print_page() in devices/gdevcif ...) {DLA-2335-1} @@ -16759,7 +16759,7 @@ CVE-2020-16289 (A buffer overflow vulnerability in cif_print_page() in devices/g CVE-2020-16288 (A buffer overflow vulnerability in pj_common_print_page() in devices/g ...) {DLA-2335-1} - ghostscript 9.51~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f (9.51) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f (9.51) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701791 CVE-2020-16287 (A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gd ...) {DLA-2335-1} @@ -71938,8 +71938,8 @@ CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords par CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_ch ...) - mupdf <not-affected> (Vulnerable code introduced later) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701292 - NOTE: Introduced by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=abcb3e68670ebc2e5127953462a026fe1a5dd321 (1.16.0-rc1) - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=97096297d409ec6f206298444ba00719607e8ba8 (1.16.0) + NOTE: Introduced by: https://git.ghostscript.com/?p=mupdf.git;a=commit;h=abcb3e68670ebc2e5127953462a026fe1a5dd321 (1.16.0-rc1) + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;a=commit;h=97096297d409ec6f206298444ba00719607e8ba8 (1.16.0) CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.h ...) NOT-FOR-US: SugarCRM CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...) @@ -72411,7 +72411,7 @@ CVE-2019-14869 (A flaw was found in all versions of ghostscript 9.x before 9.50, NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701841 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1768911 NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting - NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff + NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff NOTE: which changed the access to file permissions. CVE-2019-14868 (In ksh version 20120801, a flaw was found in the way it evaluates cert ...) {DLA-2284-1} @@ -72666,10 +72666,10 @@ CVE-2019-14817 (A flaw was found in, ghostscript versions prior to 9.50, in the {DSA-4518-1 DLA-1915-1} - ghostscript 9.28~~rc2~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701450 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19 NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2 NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting - NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff + NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff NOTE: which changed the access to file permissions. CVE-2019-14816 (There is heap-based buffer overflow in kernel, all versions up to, exc ...) {DLA-2114-1 DLA-1930-1} @@ -72691,28 +72691,28 @@ CVE-2019-14813 (A flaw was found in ghostscript, versions 9.x before 9.50, in th {DSA-4518-1 DLA-1915-1} - ghostscript 9.28~~rc2~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701443 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2 NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting - NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff + NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff NOTE: which changed the access to file permissions. CVE-2019-14812 (A flaw was found in all ghostscript versions 9.x before 9.50, in the . ...) {DSA-4518-1 DLA-1915-1} - ghostscript 9.28~~rc2~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701444 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2 NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting - NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff + NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff NOTE: which changed the access to file permissions. CVE-2019-14811 (A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_h ...) {DSA-4518-1 DLA-1915-1} - ghostscript 9.28~~rc2~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701445 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2 NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting - NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff + NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff NOTE: which changed the access to file permissions. CVE-2019-14810 (A vulnerability has been found in the implementation of the Label Dist ...) NOT-FOR-US: EOS @@ -78527,9 +78527,9 @@ CVE-2019-13290 (Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_appe - mupdf 1.15.0+ds1-1 (bug #931475) [jessie] - mupdf <not-affected> (Vulnerable code introduced later) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701118 - NOTE: http://git.ghostscript.com/?p=mupdf.git;h=aaf794439e40a2ef544f15b50c20e657414dec7a - NOTE: http://git.ghostscript.com/?p=mupdf.git;h=ed19bc806809ad10c4ddce515d375581b86ede85 - NOTE: Introduced in 1.6 / http://git.ghostscript.com/?p=mupdf.git;a=commit;f=source/fitz/list-device.c;h=e9411aba2b71b67b8521f55917ab26585c464b88 + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=aaf794439e40a2ef544f15b50c20e657414dec7a + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=ed19bc806809ad10c4ddce515d375581b86ede85 + NOTE: Introduced in 1.6 / https://git.ghostscript.com/?p=mupdf.git;a=commit;f=source/fitz/list-device.c;h=e9411aba2b71b67b8521f55917ab26585c464b88 CVE-2019-13289 (In Xpdf 4.01.01, there is a use-after-free vulnerability in the functi ...) - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed) CVE-2019-13288 (In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause ...) @@ -87064,7 +87064,7 @@ CVE-2019-10216 (In ghostscript before version 9.50, the .buildfont1 procedure di - ghostscript 9.27~dfsg-3.1 (bug #934638) NOTE: https://www.openwall.com/lists/oss-security/2019/08/12/4 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701394 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19 CVE-2019-10215 (Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-sit ...) NOT-FOR-US: Bootstrap-3-Typeahead CVE-2019-10214 (The containers/image library used by the container tools Podman, Build ...) @@ -96104,8 +96104,8 @@ CVE-2019-7322 CVE-2019-7321 (Usage of an uninitialized variable in the function fz_load_jpeg in Art ...) - mupdf <not-affected> (Vulnerable code introduced later) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700560 - NOTE: Introduced by: http://git.ghostscript.com/?p=mupdf.git;h=7d52765c5b8a5c76e459d148cd94dbaf51e562ec (1.15.0-rc1) - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=2be83b57e77938fddbb06bdffb11979ad89a9c7d (1.15.0-rc1) + NOTE: Introduced by: https://git.ghostscript.com/?p=mupdf.git;h=7d52765c5b8a5c76e459d148cd94dbaf51e562ec (1.15.0-rc1) + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=2be83b57e77938fddbb06bdffb11979ad89a9c7d (1.15.0-rc1) CVE-2019-7320 RESERVED CVE-2018-20751 (An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PD ...) @@ -99117,12 +99117,12 @@ CVE-2019-6116 (In Artifex Ghostscript through 9.26, ephemeral or transient proce {DSA-4372-1 DLA-1670-1} - ghostscript 9.26a~dfsg-1 NOTE: https://www.openwall.com/lists/oss-security/2019/01/23/5 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1729 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700317 CVE-2019-6115 @@ -104566,9 +104566,9 @@ CVE-2019-3840 (A NULL pointer dereference flaw was discovered in libvirt before CVE-2019-3839 (It was found that in ghostscript some privileged operators remained ac ...) {DSA-4442-1 DLA-1792-1} - ghostscript 9.27~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9 NOTE: To prevent pdf2dsc regression additionally: - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=db24f253409d5d085c2760c814c3e1d3fa2dac59 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=db24f253409d5d085c2760c814c3e1d3fa2dac59 CVE-2019-3838 (It was found that the forceput operator could be extracted from the De ...) {DSA-4432-1 DLA-1761-1} [experimental] - ghostscript 9.27~~dc1~dfsg-1 @@ -116040,7 +116040,7 @@ CVE-2018-19478 (In Artifex Ghostscript before 9.26, a carefully crafted PDF file {DSA-4346-1 DLA-1620-1} - ghostscript 9.26~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699856 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace CVE-2018-19474 RESERVED CVE-2018-19473 @@ -116090,20 +116090,20 @@ CVE-2018-19486 (Git before 2.19.2 on Linux and UNIX executes commands from the c CVE-2018-19477 (psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attacke ...) {DSA-4346-1 DLA-1598-1} - ghostscript 9.26~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb (ghostscript-9.26) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03 (master) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb (ghostscript-9.26) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03 (master) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700168 CVE-2018-19476 (psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers ...) {DSA-4346-1 DLA-1598-1} - ghostscript 9.26~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a (ghostscript-9.26) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16 (master) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a (ghostscript-9.26) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16 (master) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700169 CVE-2018-19475 (psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attack ...) {DSA-4346-1 DLA-1598-1} - ghostscript 9.26~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e (ghostscript-9.26) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315 (master) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e (ghostscript-9.26) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315 (master) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700153 CVE-2018-19518 (University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_o ...) {DSA-4353-1 DLA-1700-1 DLA-1608-1} @@ -117345,8 +117345,8 @@ CVE-2018-19134 (In Artifex Ghostscript through 9.25, the setpattern operator did {DSA-4346-1 DLA-1620-1} - ghostscript 9.26~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700141 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf (master) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7c8f85a23db24031945af3cacb2c0b4740e67072 (ghostscript-9.26) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf (master) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7c8f85a23db24031945af3cacb2c0b4740e67072 (ghostscript-9.26) CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email ...) NOT-FOR-US: Flarum Core CVE-2018-19130 (** DISPUTED ** In Libav 12.3, there is an invalid memory access in vc1 ...) @@ -118501,7 +118501,7 @@ CVE-2018-18662 (There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c - mupdf 1.14.0+ds1-3 (bug #912013) [jessie] - mupdf <not-affected> (vulnerable code introduced later) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700043 - NOTE: http://git.ghostscript.com/?p=mupdf.git;h=164ddc22ee0d5b63a81d5148f44c37dd132a9356 + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=164ddc22ee0d5b63a81d5148f44c37dd132a9356 CVE-2018-18661 (An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dere ...) {DLA-2009-1} - tiff 4.0.10-1 (unimportant; bug #912012) @@ -119589,7 +119589,7 @@ CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699963 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1696 NOTE: https://www.openwall.com/lists/oss-security/2018/10/16/2 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b CVE-2018-18283 RESERVED CVE-2018-18282 (Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. ...) @@ -120260,7 +120260,7 @@ CVE-2018-18073 (Artifex Ghostscript allows attackers to bypass a sandbox protect - ghostscript 9.25~dfsg-3 (bug #910758) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1690 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699927 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c NOTE: https://www.openwall.com/lists/oss-security/2018/10/10/12 CVE-2018-18072 RESERVED @@ -120602,9 +120602,9 @@ CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass - ghostscript 9.25~dfsg-3 (bug #910678) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1682 NOTE: https://www.openwall.com/lists/oss-security/2018/10/09/4 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d02bbc620bcba9b1c208462a876afb - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94b708be24758287b606154daaaed9 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63aa4ac6874234fe8cd63e72077291 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d02bbc620bcba9b1c208462a876afb + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94b708be24758287b606154daaaed9 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63aa4ac6874234fe8cd63e72077291 CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source ...) - ckeditor 4.11.1+dfsg-1 (low) [stretch] - ckeditor <no-dsa> (Minor issue) @@ -122727,7 +122727,7 @@ CVE-2018-17183 (Artifex Ghostscript before 9.25 allowed a user-writable error ex {DSA-4294-1 DLA-1527-1} - ghostscript 9.25~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699708 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624 CVE-2018-17095 (An issue has been discovered in mpruett Audio File Library (aka audiof ...) - audiofile 0.3.6-5 (low; bug #913166) [stretch] - audiofile 0.3.6-4+deb9u1 @@ -123648,8 +123648,8 @@ CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Inco {DSA-4294-1 DLA-1504-1} [experimental] - ghostscript 9.25~dfsg-1~exp1 - ghostscript 9.25~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590 CVE-2018-16792 (SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via ...) NOT-FOR-US: SolarWinds SFTP/SCP server @@ -125859,26 +125859,26 @@ CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through CVE-2018-15911 (In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to suppl ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699665 NOTE: https://www.kb.cert.org/vuls/id/332928 CVE-2018-15910 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699656 NOTE: https://www.kb.cert.org/vuls/id/332928 CVE-2018-15909 (In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699660 NOTE: https://www.kb.cert.org/vuls/id/332928 CVE-2018-15908 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to s ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699657 NOTE: https://www.kb.cert.org/vuls/id/332928 CVE-2018-15907 (** DISPUTED ** Technicolor (formerly RCA) TC8305C devices allow remote ...) @@ -125957,65 +125957,65 @@ CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and gsgetres {DSA-4288-1 DLA-1527-1} [experimental] - ghostscript 9.25~dfsg-1~exp1 - ghostscript 9.25~dfsg-1 (bug #908303) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5b5536fa88a9e885032bc0df3852c3439399a5c0 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5b5536fa88a9e885032bc0df3852c3439399a5c0 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699670 CVE-2018-16542 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699668 CVE-2018-16541 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699664 CVE-2018-16540 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699661 CVE-2018-16539 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699658 NOTE: To not break cups with https://github.com/apple/cups/issues/5392 NOTE: an additional (no-security) followup fix is needed as: - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=150c8f69646b854a99f35f27edaae012eb2e900f + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=150c8f69646b854a99f35f27edaae012eb2e900f NOTE: Cf. https://bugs.debian.org/908300 CVE-2018-16513 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b326a71659b7837d3acde954b18bda1a6f5e9498 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b326a71659b7837d3acde954b18bda1a6f5e9498 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699655 CVE-2018-16511 (An issue was discovered in Artifex Ghostscript before 9.24. A type con ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699659 CVE-2018-16510 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...) [experimental] - ghostscript 9.25~dfsg-1~exp1 - ghostscript 9.25~dfsg-1 (bug #908304) [stretch] - ghostscript <not-affected> (Introduced in 9.22) [jessie] - ghostscript <not-affected> (vulnerable code is not present) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699671 CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...) {DSA-4294-1 DLA-1504-1} [experimental] - ghostscript 9.25~dfsg-1~exp1 - ghostscript 9.25~dfsg-1 (bug #907332; bug #907703) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519aa3e79db78aaf0589dae02103764 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519aa3e79db78aaf0589dae02103764 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699654 NOTE: Partially fixed in 9.22~dfsg-3, see #907703 CVE-2018-16585 (** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9 ...) {DSA-4288-1 DLA-1504-1} [experimental] - ghostscript 9.25~dfsg-1~exp1 - ghostscript 9.25~dfsg-1 (bug #908305) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699663 CVE-2018-15877 (The Plainview Activity Monitor plugin before 20180826 for WordPress is ...) NOT-FOR-US: Wordpress plugin @@ -137333,7 +137333,7 @@ CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the st {DSA-4336-1 DLA-1504-1} - ghostscript 9.21~dfsg-1 (low) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697193 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219 (9.21rc1) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219 (9.21rc1) CVE-2018-11644 RESERVED CVE-2018-11643 (SQL injection vulnerability in the administrative console in Dialogic ...) @@ -141131,7 +141131,7 @@ CVE-2018-10289 (In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space [jessie] - mupdf <not-affected> (Vulnerable code introduced later) [wheezy] - mupdf <not-affected> (Vulnerable code introduced later) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699271 - NOTE: Introduced in http://git.ghostscript.com/?p=mupdf.git;a=commit;h=1acaaf2b40614401378aa697de47093be9f390fe (1.8) + NOTE: Introduced in https://git.ghostscript.com/?p=mupdf.git;a=commit;h=1acaaf2b40614401378aa697de47093be9f390fe (1.8) CVE-2018-10288 RESERVED CVE-2018-10287 @@ -141374,7 +141374,7 @@ CVE-2018-10194 (The set_text_distance function in devices/vector/gdevpdts.c in t - ghostscript 9.22~dfsg-2.1 (bug #896069) [stretch] - ghostscript 9.20~dfsg-3.2+deb9u2 [jessie] - ghostscript 9.06~dfsg-2+deb8u7 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699255 (not yet public) CVE-2018-1000200 (The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dere ...) - linux 4.16.12-1 @@ -151363,7 +151363,7 @@ CVE-2018-1000040 (In MuPDF 1.12.0 and earlier, multiple use of uninitialized val NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5603 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5609 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5610 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=83d4dae44c71816c084a635550acc1a51529b881;hp=f597300439e62f5e921f0d7b1e880b5c1a1f1607 + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=83d4dae44c71816c084a635550acc1a51529b881;hp=f597300439e62f5e921f0d7b1e880b5c1a1f1607 CVE-2018-1000039 (In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the ...) - mupdf 1.13.0+ds1-1 [stretch] - mupdf <not-affected> (vulnerable code not present) @@ -151373,17 +151373,17 @@ CVE-2018-1000039 (In MuPDF 1.12.0 and earlier, multiple heap use after free bugs NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5513 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5521 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5604 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=4dcc6affe04368461310a21238f7e1871a752a05;hp=8ec561d1bccc46e9db40a9f61310cd8b3763914e - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=4dcc6affe04368461310a21238f7e1871a752a05;hp=8ec561d1bccc46e9db40a9f61310cd8b3763914e + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b CVE-2018-1000038 (In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_l ...) - mupdf 1.13.0+ds1-1 [stretch] - mupdf <not-affected> (vulnerable code not present) [jessie] - mupdf <not-affected> (vulnerable code not present) [wheezy] - mupdf <not-affected> (vulnerable code not present) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5494 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF ...) {DSA-4334-1} - mupdf 1.13.0+ds1-1 @@ -151394,14 +151394,14 @@ CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser a ...) - mupdf 1.14.0+ds1-1 (unimportant; bug #900129) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699695 - NOTE: http://git.ghostscript.com/?p=mupdf.git;h=985fdcfc117a3bd4bc097cdcae8347b3787fbab2 + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=985fdcfc117a3bd4bc097cdcae8347b3787fbab2 NOTE: negligible security impact, memory leak in CLI tool CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip version <= 6. ...) {DLA-2082-1} @@ -151562,9 +151562,9 @@ CVE-2018-6544 (pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could {DSA-4152-1} - mupdf 1.12.0+ds1-1 (bug #891245) [wheezy] - mupdf <ignored> (Most likely not affected, minor issue) - NOTE: http://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d NOTE: above patch is not needed in Jessie, as there is no fz_try() used in this version - NOTE: http://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89 + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698830 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698965 NOTE: https://lists.debian.org/debian-lts/2018/03/msg00043.html @@ -154560,7 +154560,7 @@ CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and appl NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698860 NOTE: pdf_parse_array function in source/pdf/pdf-parse.c does not consider NOTE: EOF. - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=b70eb93f6936c03d8af52040bbca4d4a7db39079 + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=b70eb93f6936c03d8af52040bbca4d4a7db39079 CVE-2018-5685 (In GraphicsMagick 1.3.27, there is an infinite loop and application ha ...) {DSA-4321-1 DLA-1456-1 DLA-1245-1} - graphicsmagick 1.3.27-4 (bug #887158) @@ -160362,7 +160362,7 @@ CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certai - mupdf 1.12.0+ds1-1 (bug #885120) [jessie] - mupdf <no-dsa> (Minor issue) [wheezy] - mupdf <no-dsa> (Minor issue) - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0 + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698699 (not public) CVE-2017-17865 RESERVED @@ -160393,8 +160393,8 @@ CVE-2017-17859 (Samsung Internet Browser 6.2.01.12 allows remote attackers to by CVE-2017-17858 (Heap-based buffer overflow in the ensure_solid_xref function in pdf/pd ...) - mupdf <not-affected> (Vulnerable code introduced in 1.11.1) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698819 (not public) - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731 - NOTE: Commit http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f595e889b91a674eb94db7ca4d832da54f5194cd + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731 + NOTE: Commit https://git.ghostscript.com/?p=mupdf.git;a=commit;h=f595e889b91a674eb94db7ca4d832da54f5194cd NOTE: switches to use int64_t for public file API offsets and introduced the flaw. NOTE: https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md CVE-2017-17851 @@ -175378,7 +175378,7 @@ CVE-2017-15652 (Artifex Ghostscript 9.22 is affected by: Obtain Information. The - ghostscript 9.25~dfsg-1 [stretch] - ghostscript 9.25~dfsg-0+deb9u1 [jessie] - ghostscript 9.26a~dfsg-0+deb8u1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e (ghostpdl-9.23rc1) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e (ghostpdl-9.23rc1) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698676 CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated administ ...) NOT-FOR-US: PRTG Network Monitor @@ -175620,7 +175620,7 @@ CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via the CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section in pdf ...) {DSA-4006-2 DSA-4006-1 DLA-1164-1} - mupdf 1.11+ds1-2 (bug #879055) - NOTE: http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8 + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public) NOTE: https://nandynarwhals.org/CVE-2017-15587/ CVE-2017-15538 (Stored XSS vulnerability in the Media Objects component of ILIAS befor ...) @@ -176200,8 +176200,8 @@ CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function NOTE: https://github.com/mansr/sox/commit/ef3d8be0f80cbb650e4766b545d61e10d7a24c9e CVE-2017-15369 (The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF b ...) - mupdf <not-affected> (Vulnerable code introduced later) - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a - NOTE: Introduced by: http://git.ghostscript.com/?p=mupdf.git;h=2707fa9e8e6d17d794330e719dec1b08161fb045 + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a + NOTE: Introduced by: https://git.ghostscript.com/?p=mupdf.git;h=2707fa9e8e6d17d794330e719dec1b08161fb045 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698592 CVE-2017-15368 (The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 al ...) - radare2 2.1.0+dfsg-1 (bug #878767) @@ -178427,7 +178427,7 @@ CVE-2017-14687 (Artifex MuPDF 1.11 allows attackers to cause a denial of service - mupdf 1.11+ds1-1.1 (bug #877379) [jessie] - mupdf <no-dsa> (Minor issue) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698558 - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 NOTE: Several fz_xml_tag && !strcmp idoms are used in older versions CVE-2017-14686 (Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause ...) {DSA-4006-1} @@ -178435,14 +178435,14 @@ CVE-2017-14686 (Artifex MuPDF 1.11 allows attackers to execute arbitrary code or [jessie] - mupdf <not-affected> (vulnerable code not present, poc not effective) [wheezy] - mupdf <not-affected> (vulnerable code not present) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698540 - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 CVE-2017-14685 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or po ...) {DSA-4006-1} - mupdf 1.11+ds1-1.1 (bug #877379) [jessie] - mupdf <not-affected> (vulnerable code not present, poc not effective) [wheezy] - mupdf <not-affected> (vulnerable code not present) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698539 - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a CVE-2017-14684 (In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in t ...) - imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #876487) NOTE: https://github.com/ImageMagick/ImageMagick/issues/770 @@ -187278,7 +187278,7 @@ CVE-2017-11714 (psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references t [experimental] - ghostscript 9.22~~rc1~dfsg-1 - ghostscript 9.22~dfsg-1 (bug #869977) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698158 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=671fd59eb657743aa86fbc1895cb15872a317caa (ghostpdl-9.22rc1) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=671fd59eb657743aa86fbc1895cb15872a317caa (ghostpdl-9.22rc1) CVE-2017-11713 RESERVED CVE-2017-11712 @@ -191189,7 +191189,7 @@ CVE-2017-9835 (The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghosts [experimental] - ghostscript 9.22~~rc1~dfsg-1 - ghostscript 9.22~dfsg-1 (bug #869907) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697985 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066 (ghostpdl-9.22rc1) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066 (ghostpdl-9.22rc1) CVE-2017-9834 (SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for W ...) NOT-FOR-US: WatuPRO plugin for WordPress CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of ...) @@ -193223,13 +193223,13 @@ CVE-2017-9740 (The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex [wheezy] - ghostscript <not-affected> (Vulnerable code not present) NOTE: The Debian binary package is not affected xps/ not used NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698064 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626 CVE-2017-9739 (The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostX ...) {DSA-3986-1 DLA-1048-1} [experimental] - ghostscript 9.22~~rc1~dfsg-1 - ghostscript 9.22~dfsg-1 (bug #869910) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698063 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 (ghostpdl-9.22rc1) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 (ghostpdl-9.22rc1) CVE-2017-9738 RESERVED CVE-2017-9737 @@ -193261,13 +193261,13 @@ CVE-2017-9727 (The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghost [experimental] - ghostscript 9.22~~rc1~dfsg-1 - ghostscript 9.22~dfsg-1 (bug #869913) NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698056 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b (ghostpdl-9.22rc1) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b (ghostpdl-9.22rc1) CVE-2017-9726 (The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostX ...) {DSA-3986-1 DLA-1048-1} [experimental] - ghostscript 9.22~~rc1~dfsg-1 - ghostscript 9.22~dfsg-1 (bug #869915) NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698055 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b (ghostpdl-9.22rc1) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b (ghostpdl-9.22rc1) CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in util/security/Pass ...) {DLA-1021-1 DLA-1020-1} - jetty9 9.2.22-1 (bug #864898) @@ -193508,21 +193508,21 @@ CVE-2017-9620 (The xps_select_font_encoding function in xps/xpsfont.c in Artifex [wheezy] - ghostscript <not-affected> (Vulnerable code not present) NOTE: The Debian binary package is not affected xps/ not used NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698050 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ee55637480d5e319a5de0481b01c3346855cbc9 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ee55637480d5e319a5de0481b01c3346855cbc9 CVE-2017-9619 (The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex G ...) - ghostscript 9.22~dfsg-1 (unimportant; bug #869879) [jessie] - ghostscript <not-affected> (Vulnerable code not present) [wheezy] - ghostscript <not-affected> (Vulnerable code not present) NOTE: The Debian binary package is not affected xps/ not used NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698042 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323 CVE-2017-9618 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscrip ...) - ghostscript 9.22~dfsg-1 (unimportant; bug #869879) [jessie] - ghostscript <not-affected> (Vulnerable code not present) [wheezy] - ghostscript <not-affected> (Vulnerable code not present) NOTE: The Debian binary package is not affected xps/ not used NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698044 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion ...) - wireshark 2.4.0-1 (low; bug #870174) [jessie] - wireshark <no-dsa> (Minor issue) @@ -193547,20 +193547,20 @@ CVE-2017-9612 (The Ins_IP function in base/ttinterp.c in Artifex Ghostscript Gho [experimental] - ghostscript 9.22~~rc1~dfsg-1 - ghostscript 9.22~dfsg-1 (bug #869916) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698026 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=98f6da60b9d463c617e631fc254cf6d66f2e8e3c (ghostpdl-9.22rc1) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=98f6da60b9d463c617e631fc254cf6d66f2e8e3c (ghostpdl-9.22rc1) CVE-2017-9611 (The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostX ...) {DSA-3986-1 DLA-1048-1} [experimental] - ghostscript 9.22~~rc1~dfsg-1 - ghostscript 9.22~dfsg-1 (bug #869917) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698024 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe (ghostpdl-9.22rc1) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe (ghostpdl-9.22rc1) CVE-2017-9610 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscrip ...) - ghostscript 9.22~dfsg-1 (unimportant; bug #869879) [jessie] - ghostscript <not-affected> (Vulnerable code not present) [wheezy] - ghostscript <not-affected> (Vulnerable code not present) NOTE: The Debian binary package is not affected xps/ not used NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698025 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06 CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows re ...) NOT-FOR-US: Blackcat CMS CVE-2017-9608 (The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allow ...) @@ -194976,7 +194976,7 @@ CVE-2017-9216 (libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghos [jessie] - jbig2dec <no-dsa> (Minor issue) [wheezy] - jbig2dec <no-dsa> (Minor issue, can be fixed in a future update) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697934 - NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ebffb1d96ba0cacec23016eccb4047dab365853 + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ebffb1d96ba0cacec23016eccb4047dab365853 CVE-2017-9215 RESERVED CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_RE ...) @@ -195975,7 +195975,7 @@ CVE-2017-8908 (The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.2 [jessie] - ghostscript <not-affected> (Vulnerable code not present) [wheezy] - ghostscript <not-affected> (Vulnerable code not present) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697810 - NOTE: edgebuffer scan converter was made default only in: http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308 + NOTE: edgebuffer scan converter was made default only in: https://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308 NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present. CVE-2017-8907 (Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correc ...) NOT-FOR-US: Atlassian Bamboo @@ -198481,12 +198481,12 @@ CVE-2017-7976 (Artifex jbig2dec 0.13 allows out-of-bounds writes and reads becau {DSA-3855-1 DLA-942-1} - jbig2dec 0.13-4.1 (bug #860787) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697683 - NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d CVE-2017-7975 (Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds wr ...) {DSA-3855-1 DLA-942-1} - jbig2dec 0.13-4.1 (bug #860788) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697693 - NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b CVE-2017-7974 (A path traversal information disclosure vulnerability exists in Schnei ...) NOT-FOR-US: Schneider Electric CVE-2017-7973 (A SQL injection vulnerability exists in Schneider Electric's U.motion ...) @@ -198555,8 +198555,8 @@ CVE-2017-7948 (Integer overflow in the mark_curve function in Artifex Ghostscrip [jessie] - ghostscript <not-affected> (Vulnerable code not present) [wheezy] - ghostscript <not-affected> (Vulnerable code not present) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697762 - NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699 - NOTE: edgebuffer scan converter was made default only in: http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308 + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699 + NOTE: edgebuffer scan converter was made default only in: https://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308 NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present. CVE-2017-7947 (NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 be ...) NOT-FOR-US: NetApp @@ -198858,7 +198858,7 @@ CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading t {DSA-3855-1 DLA-942-1} - jbig2dec 0.13-4.1 (bug #860460) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697703 - NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15 + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15 CVE-2017-7884 (In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default i ...) - apcupsd <not-affected> (Only APC UPS Daemon on Windows) CVE-2017-7889 (The mm subsystem in the Linux kernel through 4.10.10 does not properly ...) @@ -200810,7 +200810,7 @@ CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in Art [jessie] - ghostscript 9.06~dfsg-2+deb8u7 [wheezy] - ghostscript <no-dsa> (Not directly reproducible, to re-evaluate once the upstream fix is known) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697459 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4 NOTE: I got the reproducer file from the bug submitter and tried to reproduce it. NOTE: Results are the following: sid/stretch with 9.20~dfsg-3 are NOTE: affected, it even segfaults. But with wheezy 9.05~dfsg-6.3+deb7u2 @@ -201388,7 +201388,7 @@ CVE-2017-7264 (Use-after-free vulnerability in the fz_subsample_pixmap function - mupdf 1.9a+ds1-3 (bug #854734) [wheezy] - mupdf <not-affected> (vulnerable code not present) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515 - NOTE: Fix http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 + NOTE: Fix https://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/ NOTE: Related to CVE-2017-5896. But CVE-2017-7264 is for the use-after-free NOTE: vulnerability whereas CVE-2017-5896 is for the hea-based buffer overflow @@ -201679,7 +201679,7 @@ CVE-2017-7208 (The decode_residual function in libavcodec in libav 9.21 allows r CVE-2017-7207 (The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscr ...) {DSA-3838-1 DLA-1048-1} - ghostscript 9.20~dfsg-3 (bug #858350) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=309eca4e0a31ea70dcc844812691439312dad091 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=309eca4e0a31ea70dcc844812691439312dad091 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697676 CVE-2017-7206 (The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows ...) - libav <removed> @@ -204680,8 +204680,8 @@ CVE-2017-6197 (The r_read_* functions in libr/include/r_endian.h in radare2 1.2. CVE-2017-6196 (Multiple use-after-free vulnerabilities in the gx_image_enum_begin fun ...) - ghostscript <not-affected> (Issue introduced later, cf. bug #856142) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697596 - NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283 - NOTE: Possibly introduced only after http://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784 + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283 + NOTE: Possibly introduced only after https://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784 CVE-2017-6195 (Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blin ...) NOT-FOR-US: Ipswitch MOVEit Transfer CVE-2017-6194 (The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows r ...) @@ -205171,7 +205171,7 @@ CVE-2017-5991 (An issue was discovered in Artifex Software, Inc. MuPDF before 19 - mupdf 1.9a+ds1-4 (low) [wheezy] - mupdf <not-affected> (vulnerable code not present) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697500 - NOTE: http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465 + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465 CVE-2017-5990 (An issue was discovered in PhreeBooksERP before 2017-02-13. The vulner ...) NOT-FOR-US: PhreeBooksERP CVE-2017-5989 @@ -205342,7 +205342,7 @@ CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex {DSA-3838-1 DLA-905-1} - ghostscript 9.20~dfsg-3.1 (bug #859696) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697548 - NOTE: Fixed by: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8 + NOTE: Fixed by: https://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8 CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) ...) - yaml-cpp 0.6.3-1 (low; bug #859891) [buster] - yaml-cpp <no-dsa> (Minor issue) @@ -205394,14 +205394,14 @@ CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697453 CVE-2016-10218 (The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF ...) - ghostscript <not-affected> (Vulnerable code introduced later) - NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4 - NOTE: Introduced by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=47294ff5b168d25bfc7db64f51572d64b8ebde91 + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4 + NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=47294ff5b168d25bfc7db64f51572d64b8ebde91 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697444 CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Gh ...) - ghostscript 9.20~dfsg-3.1 (bug #859662) [jessie] - ghostscript <not-affected> (pdf14_cleanup_parent_color_profiles not yet present) [wheezy] - ghostscript <not-affected> (pdf14_cleanup_parent_color_profiles not yet present) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697456 CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The ...) NOT-FOR-US: IT ITems DataBase @@ -205540,7 +205540,7 @@ CVE-2017-5896 (Heap-based buffer overflow in the fz_subsample_pixmap function in - mupdf 1.9a+ds1-3 (bug #854734) [wheezy] - mupdf <not-affected> (vulnerable code not present) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515 - NOTE: Fix http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 + NOTE: Fix https://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/ NOTE: http://www.openwall.com/lists/oss-security/2017/02/10/1 CVE-2017-5895 @@ -221127,7 +221127,7 @@ CVE-2016-9601 (ghostscript before version 9.21 is vulnerable to a heap based buf {DSA-3817-1 DLA-874-1} - jbig2dec 0.13-4 (bug #850497) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697457 - NOTE: Patch: http://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092 + NOTE: Patch: https://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092 CVE-2016-9600 (JasPer before version 2.0.10 is vulnerable to a null pointer dereferen ...) - jasper <removed> (unimportant) NOTE: https://github.com/mdadams/jasper/issues/109 @@ -223996,7 +223996,7 @@ CVE-2016-8729 (An exploitable memory corruption vulnerability exists in the JBIG - jbig2dec 0.13-4 (bug #863886) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698438 - NOTE: http://git.ghostscript.com/?p=jbig2dec.git;h=e698d5c11d27212aa1098bc5b1673a3378563092 + NOTE: https://git.ghostscript.com/?p=jbig2dec.git;h=e698d5c11d27212aa1098bc5b1673a3378563092 CVE-2016-8728 (An exploitable heap out of bounds write vulnerability exists in the Fi ...) - mupdf <not-affected> (Vulnerable code introduced in 1.10, cf. #863545) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242%20 @@ -224341,7 +224341,7 @@ CVE-2016-8674 (The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allo {DSA-3797-1} - mupdf 1.9a+ds1-2 (bug #840957) [wheezy] - mupdf <not-affected> (Crash is not reproducible with reprocuder. Needs clarification from upstream.) - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697015 NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697019 CVE-2016-8670 (Integer signedness error in the dynamicGetbuf function in gd_io_dp.c i ...) @@ -224950,7 +224950,7 @@ CVE-2016-8602 (The .sethalftone5 function in psi/zht2.c in Ghostscript before 9. {DSA-3691-1 DLA-674-1} - ghostscript 9.19~dfsg-3.1 (bug #840451) NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697203 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 CVE-2016-8601 REJECTED CVE-2016-8578 (The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (ak ...) @@ -225197,7 +225197,7 @@ CVE-2016-7979 (Ghostscript before 9.21 might allow remote attackers to bypass th - ghostscript 9.19~dfsg-3.1 (bug #839846) NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190 NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0 - NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913 + NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913 NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7 NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/19 CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow remote at ...) @@ -225205,21 +225205,21 @@ CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow remo - ghostscript 9.19~dfsg-3.1 (bug #839845) NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179 NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0 - NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf + NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7 CVE-2016-7977 (Ghostscript before 9.21 might allow remote attackers to bypass the SAF ...) {DSA-3691-1 DLA-674-1} - ghostscript 9.19~dfsg-3.1 (high; bug #839841) NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169 NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/29/28 - NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70 + NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70 NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7 CVE-2016-7976 (The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attacker ...) {DSA-3691-1 DLA-674-1} - ghostscript 9.19~dfsg-3.1 (high; bug #839260) NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697178 NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/30/8 - NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d + NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7 CVE-2015-8964 (The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the L ...) {DLA-772-1} @@ -231281,7 +231281,7 @@ CVE-2016-6525 (Heap-based buffer overflow in the pdf_load_mesh_params function i {DSA-3655-1 DLA-589-1} - mupdf 1.9a+ds1-1.2 (bug #833417) NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696954 - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e CVE-2016-6523 (Multiple cross-site scripting (XSS) vulnerabilities in the media manag ...) - dotclear <removed> NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/40d0207e520d @@ -232293,8 +232293,8 @@ CVE-2016-6265 (Use-after-free vulnerability in the pdf_load_xref function in pdf - mupdf 1.9a+ds1-1.1 (bug #832031) [wheezy] - mupdf <not-affected> (vulnerable code not present, no segfault) NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696941 - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958 - NOTE: Possibly introduced with: http://git.ghostscript.com/?p=mupdf.git;h=e767bd783d91ae88cd79da19e79afb2c36bcf32a (1.7-rc1) + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958 + NOTE: Possibly introduced with: https://git.ghostscript.com/?p=mupdf.git;h=e767bd783d91ae88cd79da19e79afb2c36bcf32a (1.7-rc1) NOTE: Although the e767bd783d91ae88cd79da19e79afb2c36bcf32a introduced the solid xrefs, NOTE: that part of the code went trough several iterations before it settled down, and NOTE: thus the issue could possibly be presend already before. The code in 1.5-1 looks @@ -267909,7 +267909,7 @@ CVE-2015-3228 (Integer overflow in the gs_heap_alloc_bytes function in base/gsma {DSA-3326-1 DLA-280-1} - ghostscript 9.15~dfsg-1 (bug #793489) NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696070 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859 NOTE: File to reproduce segfault with ps2pdf: http://bugs.ghostscript.com/attachment.cgi?id=11776 CVE-2015-3227 (The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby ...) {DSA-3464-1 DLA-603-1} @@ -298363,7 +298363,7 @@ CVE-2014-2013 (Stack-based buffer overflow in the xps_parse_color function in xp - mupdf 1.3-2 (bug #738857) NOTE: http://www.hdwsec.fr/blog/mupdf.html NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694957 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc CVE-2013-XXXX [libclamunrar: double-free error libclamunrar_iface/unrar_iface.c] - libclamunrar 0.97.7+dfsg-1 (bug #770647) [wheezy] - libclamunrar <no-dsa> (Non-free not supported, also minor issue) @@ -307346,7 +307346,7 @@ CVE-2013-5653 (The getenv and filenameforall functions in Ghostscript 9.10 ignor {DSA-3691-1 DLA-674-1} - ghostscript 9.19~dfsg-3.1 (low; bug #839118) NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694724 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8 CVE-2013-5652 RESERVED CVE-2013-5650 (Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37d37becdb970682250de63ef9bc2370d4d84496 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37d37becdb970682250de63ef9bc2370d4d84496 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
