[Git][security-tracker-team/security-tracker][master] new mupdf issues
Moritz Muehlenhoff
jmm at debian.org
Thu Dec 6 15:10:07 GMT 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f23b73bd by Moritz Muehlenhoff at 2018-12-06T15:09:28Z
new mupdf issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61,9 +61,15 @@ CVE-2018-19884
CVE-2018-19883
RESERVED
CVE-2018-19882 (In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c ...)
- TODO: check
+ - mupdf <unfixed> (unimportant)
+ NOTE: Negligable security impact, crash in CLI tool
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700342
+ NOTE: https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203
CVE-2018-19881 (In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause ...)
- TODO: check
+ - mupdf <unfixed> (unimportant)
+ NOTE: Negligable security impact, crash in CLI tool
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700342
+ NOTE: https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203
CVE-2018-19880
RESERVED
CVE-2018-19879
@@ -71,7 +77,7 @@ CVE-2018-19879
CVE-2018-19878
RESERVED
CVE-2018-19877 (login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login ...)
- TODO: check
+ NOT-FOR-US: Adiscon LogAnalyzer
CVE-2018-19876 (cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would ...)
TODO: check
CVE-2018-1002104
@@ -113,7 +119,7 @@ CVE-2018-19861
CVE-2018-19860
RESERVED
CVE-2018-19859 (OpenRefine before 3.5 allows directory traversal via a relative ...)
- TODO: check
+ NOT-FOR-US: OpenRefine
CVE-2018-19858
RESERVED
CVE-2018-19857 (The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player ...)
@@ -5218,7 +5224,7 @@ CVE-2018-18995
CVE-2018-18994
RESERVED
CVE-2018-18993 (Two stack-based buffer overflow vulnerabilities have been discovered ...)
- TODO: check
+ NOT-FOR-US: CX-One
CVE-2018-18992
RESERVED
CVE-2018-18991 (Reflected cross-site scripting (non-persistent) in SCADA WebServer ...)
@@ -5226,7 +5232,7 @@ CVE-2018-18991 (Reflected cross-site scripting (non-persistent) in SCADA WebServ
CVE-2018-18990
RESERVED
CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and ...)
- TODO: check
+ NOT-FOR-US: CX-One
CVE-2018-18988
RESERVED
CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program populating ...)
@@ -11156,7 +11162,7 @@ CVE-2018-16630
CVE-2018-16629 (panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG ...)
NOT-FOR-US: Subrion CMS
CVE-2018-16628 (panel/login in Kirby v2.5.12 allows XSS via a blog name. ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2018-16627
RESERVED
CVE-2018-16626
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f23b73bd978ece3c91e5c9bc631353af7969fb35
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f23b73bd978ece3c91e5c9bc631353af7969fb35
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181206/970a7731/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list