[Git][security-tracker-team/security-tracker][master] 3 commits: data/DLA/list: Manually correct one of the CVEs of DLA-1838-1. Package upload...

Fri Jun 28 10:59:36 BST 2019


Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2a52531 by Mike Gabriel at 2019-06-28T09:32:11Z
data/DLA/list: Manually correct one of the CVEs of DLA-1838-1. Package upload already cancelled with dcut, if that fails, I will add a follow-up upload with correct CVE listed.

- - - - -
09094344 by Mike Gabriel at 2019-06-28T09:58:05Z
data/DLA/list: Manually fix mupdf version for DLA-1838-1.

- - - - -
b1f292b8 by Mike Gabriel at 2019-06-28T09:59:17Z
data/CVE/list: Drop <no-dsa> tags for resolved CVE issues in mupdf/jessie.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18131,7 +18131,6 @@ CVE-2019-6131 (svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with sta
 CVE-2019-6130 (Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fi ...)
 	- mupdf 1.14.0+ds1-3 (bug #918971)
 	[stretch] - mupdf <no-dsa> (Minor issue)
-	[jessie] - mupdf <no-dsa> (Minor issue)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700446
 	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?faf47b94e24314d74907f3f6bc874105f2c962ed
 CVE-2019-6129 (** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a  ...)
@@ -70725,7 +70724,6 @@ CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in Routers2
 CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xre ...)
 	{DSA-4334-1}
 	- mupdf 1.13.0+ds1-1 (bug #888487)
-	[jessie] - mupdf <no-dsa> (Minor issue)
 	[wheezy] - mupdf <no-dsa> (Minor issue)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916
 	NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?5e411a99604ff6be5db9e273ee84737204113299
@@ -72643,7 +72641,6 @@ CVE-2018-5687 (NewsBee allows XSS via the Company Name field in the Settings und
 CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and applicati ...)
 	{DSA-4334-1}
 	- mupdf 1.13.0+ds1-1 (bug #887130)
-	[jessie] - mupdf <no-dsa> (Minor issue)
 	[wheezy] - mupdf <no-dsa> (Minor issue)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698860
 	NOTE: pdf_parse_array function in source/pdf/pdf-parse.c does not consider


=====================================
data/DLA/list
=====================================
@@ -1,6 +1,6 @@
 [28 Jun 2019] DLA-1838-1 mupdf - security update
-	{CVE-2018-5686 CVE-2019-6130 CVE-2019-6192}
-	[jessie] - mupdf 1.5-1+deb8u5
+	{CVE-2018-5686 CVE-2019-6130 CVE-2018-6192}
+	[jessie] - mupdf 1.5-1+deb8u6
 [25 Jun 2019] DLA-1835-2 python3.4 - regression update
 	[jessie] - python3.4 3.4.2-1+deb8u4
 [25 Jun 2019] DLA-1837-1 rdesktop - security update



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2faa614e3bfabec1da222d81b304c2feda6ac65d...b1f292b8f9d0969a7a2efe4d0821db5434c0ee26

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2faa614e3bfabec1da222d81b304c2feda6ac65d...b1f292b8f9d0969a7a2efe4d0821db5434c0ee26
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190628/c1e8ab00/attachment-0001.html>
