[Secure-testing-commits] r53991 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Jul 27 13:05:32 UTC 2017 

Author: carnil
Date: 2017-07-27 13:05:32 +0000 (Thu, 27 Jul 2017)
New Revision: 53991

Modified:
   data/CVE/list
Log:
Add bug reference for the unimportant ghostscript issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-27 12:33:22 UTC (rev 53990)
+++ data/CVE/list	2017-07-27 13:05:32 UTC (rev 53991)
@@ -5205,7 +5205,7 @@
 CVE-2017-9741 (install/make-config.php in ProjectSend r754 allows remote attackers to ...)
 	NOT-FOR-US: ProjectSend
 CVE-2017-9740 (The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex ...)
-	- ghostscript <unfixed> (unimportant)
+	- ghostscript <unfixed> (unimportant; bug #869879)
 	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
 	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
 	NOTE: The Debian binary package is not affected xps/ not used
@@ -5480,21 +5480,21 @@
 CVE-2017-9621 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Telaxus/EPESI
 CVE-2017-9620 (The xps_select_font_encoding function in xps/xpsfont.c in Artifex ...)
-	- ghostscript <unfixed> (unimportant)
+	- ghostscript <unfixed> (unimportant; bug #869879)
 	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
 	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
 	NOTE: The Debian binary package is not affected xps/ not used
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698050
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ee55637480d5e319a5de0481b01c3346855cbc9
 CVE-2017-9619 (The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex ...)
-	- ghostscript <unfixed> (unimportant)
+	- ghostscript <unfixed> (unimportant; bug #869879)
 	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
 	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
 	NOTE: The Debian binary package is not affected xps/ not used
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698042
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323
 CVE-2017-9618 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript ...)
-	- ghostscript <unfixed> (unimportant)
+	- ghostscript <unfixed> (unimportant; bug #869879)
 	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
 	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
 	NOTE: The Debian binary package is not affected xps/ not used
@@ -5521,7 +5521,7 @@
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698024
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe
 CVE-2017-9610 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript ...)
-	- ghostscript <unfixed> (unimportant)
+	- ghostscript <unfixed> (unimportant; bug #869879)
 	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
 	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
 	NOTE: The Debian binary package is not affected xps/ not used

More information about the Secure-testing-commits mailing list