[Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2018-19478/ghostscript

Salvatore Bonaccorso carnil at debian.org
Thu Dec 6 07:36:11 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96b626b2 by Salvatore Bonaccorso at 2018-12-06T07:34:51Z
Add CVE-2018-19478/ghostscript

- - - - -
d3835124 by Salvatore Bonaccorso at 2018-12-06T07:35:08Z
Cleanup trailing whitespaces

- - - - -
c2a69ae4 by Salvatore Bonaccorso at 2018-12-06T07:35:48Z
CVE-2018-19478 was fixed with DSA-4346-1

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -500,7 +500,7 @@ CVE-2018-19655 (A stack-based buffer overflow in the find_green() function of dc
 	- ufraw <unfixed> (bug #890086)
 	- dcraw 9.28-2 (bug #906529)
 CVE-2018-19654 (An issue was discovered in Sales & Company Management System (SCMS) ...)
-	NOT-FOR-US: Sales & Company Management System (SCMS) 
+	NOT-FOR-US: Sales & Company Management System (SCMS)
 CVE-2018-19653
 	RESERVED
 CVE-2018-19652
@@ -3620,8 +3620,11 @@ CVE-2018-19480
 	RESERVED
 CVE-2018-19479
 	RESERVED
-CVE-2018-19478
+CVE-2018-19478 [Attempting to open a carefully crafted PDF file results in long-running computation]
 	RESERVED
+	- ghostscript 9.26~dfsg-1
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699856
+	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace
 CVE-2018-19474
 	RESERVED
 CVE-2018-19473
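Review bot: the two NOTE lines added under CVE-2018-19478 do not say which link is the upstream bug report and which is the fix, and the commitdiff URL uses http:// while the bug URL above it uses https://. If the ghostpdl commit is the fixing commit, consider labelling it as such (for example "NOTE: Fixed by: ...") and using https if the host serves it, so the fix reference can be told apart from the report at a glance.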
@@ -8610,7 +8613,7 @@ CVE-2018-17616 (This vulnerability allows remote attackers to execute arbitrary
 CVE-2018-17615 (This vulnerability allows remote attackers to execute arbitrary code ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2018-17614 (This vulnerability allows remote attackers to execute arbitrary code ...)
-	NOT-FOR-US: Losant Arduino MQTT Client 
+	NOT-FOR-US: Losant Arduino MQTT Client
 CVE-2018-17613 (Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is ...)
 	- telegram-desktop <unfixed>
 	NOTE: https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html


=====================================
data/DSA/list
=====================================
@@ -8,7 +8,7 @@
 	{CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314}
 	[stretch] - perl 5.24.1-3+deb9u5
 [27 Nov 2018] DSA-4346-1 ghostscript - security update
-	{CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 CVE-2018-19134}
+	{CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 CVE-2018-19134 CVE-2018-19478}
 	[stretch] - ghostscript 9.26~dfsg-0+deb9u1
 [27 Nov 2018] DSA-4345-1 samba - security update
 	{CVE-2018-14629 CVE-2018-16841 CVE-2018-16851}
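Review bot: on the DSA-4346-1 line, CVE-2018-19478 is appended to an advisory dated 27 Nov 2018 with the stretch version left at 9.26~dfsg-0+deb9u1, but nothing in this change records that the upload contains the upstream fix. The commit message "CVE-2018-19478 was fixed with DSA-4346-1" could name the upstream bug or commit noted in data/CVE/list so the retroactive association can be checked.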



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b854f7c59eb9514142c5d1471936880eaef705e7...c2a69ae45a5410f2b0ebf0a6756c60c218909929
