[Git][security-tracker-team/security-tracker][master] Add CVE-2019-14975/mupdf
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 16 05:08:46 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6f691202 by Salvatore Bonaccorso at 2019-08-16T04:06:05Z
Add CVE-2019-14975/mupdf
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -318,7 +318,10 @@ CVE-2019-14977
CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_ch ...)
- TODO: check
+ - mupdf <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701292
+ NOTE: Introduced by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=abcb3e68670ebc2e5127953462a026fe1a5dd321 (1.16.0-rc1)
+ NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=97096297d409ec6f206298444ba00719607e8ba8 (1.16.0)
CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.h ...)
NOT-FOR-US: SugarCRM
CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f691202e228559b35401e0e15a122a42db330d3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f691202e228559b35401e0e15a122a42db330d3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190816/eab04437/attachment.html>
More information about the debian-security-tracker-commits
mailing list