[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2023-31794 in mupdf for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Fri Nov 3 08:14:00 GMT 2023
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0aa31d46 by Chris Lamb at 2023-11-03T09:12:57+01:00
Triage CVE-2023-31794 in mupdf for buster LTS.
- - - - -
52a76281 by Chris Lamb at 2023-11-03T09:13:29+01:00
data/dla-needed.txt: Triage tang for buster LTS (CVE-2023-1672)
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -727,6 +727,7 @@ CVE-2023-31794 (MuPDF v1.21.1 was discovered to contain an infinite recursion in
- mupdf 1.22.1+ds1-1
[bookworm] - mupdf <no-dsa> (Minor issue)
[bullseye] - mupdf <no-dsa> (Minor issue)
+ [buster] - mupdf <no-dsa> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706506
NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;a=commit;h=c0015401693b58e2deb5d75c39f27bc1216e47c6 (1.22.0-rc1)
CVE-2019-25155 (DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-targe ...)
=====================================
data/dla-needed.txt
=====================================
@@ -238,6 +238,10 @@ suricata (Adrian Bunk)
NOTE: 20230731: Still reviewing+testing CVEs. (bunk)
NOTE: 20231016: Still reviewing+testing CVEs. (bunk)
--
+tang
+ NOTE: 20231103: Added by Front-Desk (lamby)
+ NOTE: 20231103: Sync with stable. (lamby)
+--
trafficserver (Adrian Bunk)
NOTE: 20231011: Added by Front-Desk (ta)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d7d3cf931ae82787e2f716aa54466d953b54d277...52a7628150b8c9561290fa30d528144544fe9410
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d7d3cf931ae82787e2f716aa54466d953b54d277...52a7628150b8c9561290fa30d528144544fe9410
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231103/6911d442/attachment.htm>
More information about the debian-security-tracker-commits
mailing list