[Git][security-tracker-team/security-tracker][master] Add CVE-2019-14975/mupdf

Fri Aug 16 05:08:46 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f691202 by Salvatore Bonaccorso at 2019-08-16T04:06:05Z
Add CVE-2019-14975/mupdf

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -318,7 +318,10 @@ CVE-2019-14977
 CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter ...)
 	NOT-FOR-US: idreamsoft iCMS
 CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_ch ...)
-	TODO: check
+	- mupdf <not-affected> (Vulnerable code introduced later)
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701292
+	NOTE: Introduced by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=abcb3e68670ebc2e5127953462a026fe1a5dd321 (1.16.0-rc1)
+	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=97096297d409ec6f206298444ba00719607e8ba8 (1.16.0)
 CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.h ...)
 	NOT-FOR-US: SugarCRM
 CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f691202e228559b35401e0e15a122a42db330d3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f691202e228559b35401e0e15a122a42db330d3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190816/eab04437/attachment.html>
