[Git][security-tracker-team/security-tracker][master] 2 commits: CVE for mupdf will be fixed

Thorsten Alteholz alteholz at debian.org
Sat Jul 25 23:09:01 BST 2020 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eb489ac4 by Thorsten Alteholz at 2020-07-26T00:07:47+02:00
CVE for mupdf will be fixed

- - - - -
270b89bb by Thorsten Alteholz at 2020-07-26T00:08:41+02:00
Reserve DLA-2289-1 for mupdf

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -81022,7 +81022,6 @@ CVE-2019-6131 (svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with sta
 CVE-2019-6130 (Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fi ...)
 	{DLA-1838-1}
 	- mupdf 1.14.0+ds1-3 (bug #918971)
-	[stretch] - mupdf <no-dsa> (Minor issue)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700446
 	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?faf47b94e24314d74907f3f6bc874105f2c962ed
 CVE-2019-6129 (** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a  ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Jul 2020] DLA-2289-1 mupdf - security update
+	{CVE-2018-16647 CVE-2018-16648 CVE-2018-18662 CVE-2019-6130 CVE-2019-13290}
+	[stretch] - mupdf 1.9a+ds1-4+deb9u5
 [25 Jul 2020] DLA-2288-1 qemu - security update
 	{CVE-2017-9503 CVE-2019-12068 CVE-2019-20382 CVE-2020-1983 CVE-2020-8608 CVE-2020-10756 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13754 CVE-2020-13765 CVE-2020-15863}
 	[stretch] - qemu 1:2.8+dfsg-6+deb9u10


=====================================
data/dla-needed.txt
=====================================
@@ -106,10 +106,6 @@ mumble
   NOTE: 20200504: discussion going on with team at security.debian.org and mumble maintainer (abhijith)
   NOTE: 20200723: https://lists.debian.org/debian-lts/2020/05/msg00008.html (abhijith)
 --
-mupdf (Thorsten Alteholz)
-  NOTE: 20200708: Vulnerable to at least CVE-2019-13290. (lamby)
-  NOTE: 20200719: testing package (thorsten)
---
 node-lodash
 --
 nss (Adrian Bunk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/594753c3b3c72b077c67a3bbac510b31c7d76725...270b89bb4c6a6817c08e2d8a138a1b7963c673b8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/594753c3b3c72b077c67a3bbac510b31c7d76725...270b89bb4c6a6817c08e2d8a138a1b7963c673b8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200725/b2e4013c/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list