[Git][security-tracker-team/security-tracker][master] 2 commits: Add note for mupdf that maintainer is preparing an update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca72bbaf by Salvatore Bonaccorso at 2018-10-28T20:14:12Z
Add note for mupdf that maintainer is preparing an update

- - - - -
f7c5a72a by Salvatore Bonaccorso at 2018-10-28T20:14:12Z
Remove no-dsa tagged entries which will get an update

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -33039,7 +33039,6 @@ CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in Routers2
 	NOT-FOR-US: Routers2
 CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in ...)
 	- mupdf 1.13.0+ds1-1 (bug #888487)
-	[stretch] - mupdf <no-dsa> (Minor issue)
 	[jessie] - mupdf <no-dsa> (Minor issue)
 	[wheezy] - mupdf <no-dsa> (Minor issue)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916
@@ -33085,7 +33084,6 @@ CVE-2018-6188 (django.contrib.auth.forms.AuthenticationForm in Django 2.0 before
 	NOTE: https://www.djangoproject.com/weblog/2018/feb/01/security-releases/
 CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow ...)
 	- mupdf 1.13.0+ds1-1 (bug #888464)
-	[stretch] - mupdf <no-dsa> (Minor issue)
 	[jessie] - mupdf <no-dsa> (Minor issue)
 	[wheezy] - mupdf <ignored> (Most likely not affected, minor issue)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698908
@@ -35041,7 +35039,6 @@ CVE-2018-5687 (NewsBee allows XSS via the Company Name field in the Settings und
 	NOT-FOR-US: NewsBee CMS
 CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and ...)
 	- mupdf 1.13.0+ds1-1 (bug #887130)
-	[stretch] - mupdf <no-dsa> (Minor issue)
 	[jessie] - mupdf <no-dsa> (Minor issue)
 	[wheezy] - mupdf <no-dsa> (Minor issue)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698860
@@ -40807,7 +40804,6 @@ CVE-2017-17867 (Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticate
 	NOT-FOR-US: Inteno iopsys
 CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain ...)
 	- mupdf 1.12.0+ds1-1 (bug #885120)
-	[stretch] - mupdf <no-dsa> (Minor issue)
 	[jessie] - mupdf <no-dsa> (Minor issue)
 	[wheezy] - mupdf <no-dsa> (Minor issue)
 	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0


=====================================
data/dsa-needed.txt
=====================================
@@ -53,6 +53,7 @@ mercurial
 --
 mupdf
   leaf package, might be a candidate for simply moving to 1.13 in stretch
+  Maintainer (koster) is preparing an update
 --
 openjpeg2 (luciano)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ecba9cd10797d80f238a279c0000f06cf8a0bc3f...f7c5a72a21779f56eec00230daf4d4a8d3379ab2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ecba9cd10797d80f238a279c0000f06cf8a0bc3f...f7c5a72a21779f56eec00230daf4d4a8d3379ab2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181028/1f09c513/attachment.html>