Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bb3f337a by Salvatore Bonaccorso at 2024-02-07T13:03:42+01:00
Process two CVEs associated with mupdf
Not clear if there are associated upstream reports. The CVE entry only
references to the reporters github repository.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -564,9 +564,13 @@ CVE-2024-24262 (media-server v1.0.0 was discovered to
contain a Use-After-Free (
CVE-2024-24260 (media-server v1.0.0 was discovered to contain a Use-After-Free
(UAF) v ...)
NOT-FOR-US: media-server
CVE-2024-24259 (mupdf v1.23.9 was discovered to contain a memory leak via the
menuEntr ...)
- TODO: check
+ - mupdf <unfixed>
+ NOTE:
https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md
+ TODO: check report upstream
CVE-2024-24258 (mupdf v1.23.9 was discovered to contain a memory leak via the
menuEntr ...)
- TODO: check
+ - mupdf <unfixed>
+ NOTE:
https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md
+ TODO: check report upstream
CVE-2024-23109 (An improper neutralization of special elements used in an os
command ( ...)
NOT-FOR-US: FortiGuard
CVE-2024-23108 (An improper neutralization of special elements used in an os
command ( ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb3f337ab17a4b2cda8ff4ca114319ff0e47c686
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb3f337ab17a4b2cda8ff4ca114319ff0e47c686
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
