[Git][security-tracker-team/security-tracker][master] Process two CVEs associated with mupdf

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 7 12:05:19 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb3f337a by Salvatore Bonaccorso at 2024-02-07T13:03:42+01:00
Process two CVEs associated with mupdf

Not clear if there are associated upstream reports. The CVE entry only
references to the reporters github repository.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -564,9 +564,13 @@ CVE-2024-24262 (media-server v1.0.0 was discovered to contain a Use-After-Free (
 CVE-2024-24260 (media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) v ...)
 	NOT-FOR-US: media-server
 CVE-2024-24259 (mupdf v1.23.9 was discovered to contain a memory leak via the menuEntr ...)
-	TODO: check
+	- mupdf <unfixed>
+	NOTE: https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md
+	TODO: check report upstream
 CVE-2024-24258 (mupdf v1.23.9 was discovered to contain a memory leak via the menuEntr ...)
-	TODO: check
+	- mupdf <unfixed>
+	NOTE: https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md
+	TODO: check report upstream
 CVE-2024-23109 (An improper neutralization of special elements used in an os command ( ...)
 	NOT-FOR-US: FortiGuard
 CVE-2024-23108 (An improper neutralization of special elements used in an os command ( ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb3f337ab17a4b2cda8ff4ca114319ff0e47c686

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb3f337ab17a4b2cda8ff4ca114319ff0e47c686
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240207/66135668/attachment.htm>

More information about the debian-security-tracker-commits mailing list