Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
602f0b44 by Neil Williams at 2021-08-06T13:00:16+01:00
Update notes for mupdf
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1974,8 +1974,10 @@ CVE-2021-37221
RESERVED
CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the
cached col ...)
- mupdf 1.17.0+ds1-2 (bug #991402)
+ [stretch] - mupdf <not-affected> (Vulnerable code not present)
NOTE:
http://git.ghostscript.com/?p=mupdf.git;h=f5712c9949d026e4b891b25837edd2edc166151f
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703791
+ NOTE: On Stretch, an earlier version of the code exits early instead of
crashing.
CVE-2021-37219
RESERVED
CVE-2021-37218
@@ -178181,6 +178183,8 @@ CVE-2018-19777 (In Artifex MuPDF 1.14.0, there is an
infinite loop in the functi
- mupdf 1.15.0+ds1-1 (unimportant; bug #915137)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700301
NOTE: No security impact, hang in GUI/CLI tool
+ NOTE: Not able to reproduce on buster or stretch
+ NOTE: upstream fix for bug #700301 may be incomplete
CVE-2018-19776
RESERVED
CVE-2018-19775 (Cross Site Scripting exists in InfoVista VistaPortal SE
Version 5.1 (b ...)
@@ -268478,14 +268482,12 @@ CVE-2016-10248 (The jpc_tsfb_synthesize function in
jpc_tsfb.c in JasPer before
CVE-2016-10247 (Buffer overflow in the my_getline function in jstest_main.c in
Mujstes ...)
- mupdf 1.11+ds1-1 (unimportant)
[wheezy] - mupdf <not-affected> (Vulnerable code not present)
- [stretch] - mupdf <ignored> (Vulnerable code not packaged or compiled)
NOTE: Although jstest_main.c compiled during build and mujstest is
created
NOTE: it is not included in the produced binary packages
NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/19
CVE-2016-10246 (Buffer overflow in the main function in jstest_main.c in
Mujstest in A ...)
- mupdf 1.11+ds1-1 (unimportant)
[wheezy] - mupdf <not-affected> (Vulnerable code not present)
- [stretch] - mupdf <ignored> (Vulnerable code not packaged or compiled)
NOTE: Although jstest_main.c compiled during build and mujstest is
created
NOTE: it is not included in the produced binary packages
NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/20
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/602f0b44ec4e6ec96ef1d26935ae9c712421918f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/602f0b44ec4e6ec96ef1d26935ae9c712421918f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
