[Git][security-tracker-team/security-tracker][master] Add CVE-2019-25059/ghostscript

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab227570 by Salvatore Bonaccorso at 2022-04-25T10:31:02+02:00
Add CVE-2019-25059/ghostscript

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -391,7 +391,9 @@ CVE-2022-1451 (Out-of-bounds Read in r_bin_java_constant_value_attr_new function
 	NOTE: https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2eb1aaa7
 	NOTE: https://github.com/radareorg/radare2/commit/0927ed3ae99444e7b47b84e43118deb10fe37529
 CVE-2019-25059 (Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this  ...)
-	TODO: check
+	- ghostscript 9.27~dfsg-1
+	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=430e219ea17a2650577d70021399c4ead05869e0
+	NOTE: Issue exists because of an incomplete fix for CVE-2019-3839
 CVE-2022-29599
 	RESERVED
 CVE-2022-1450



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab227570978d90fc7420b316e9562d3a6658088a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab227570978d90fc7420b316e9562d3a6658088a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220425/7b87cf47/attachment.htm>