[Git][security-tracker-team/security-tracker][master] Add CVE-2024-4695{1..6} for tracking
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 30 08:02:30 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ab1648bd by Salvatore Bonaccorso at 2024-10-30T09:01:54+01:00
Add CVE-2024-4695{1..6} for tracking
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2024-46956 [PostScript interpreter - fix buffer length check]
+ - ghostscript 10.04.0~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707895
+ NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca
+ NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ea69a1388245ad959d31c272b5ba66d40cebba2c (ghostpdl-10.04.0)
+CVE-2024-46955 [PS interpreter - check Indexed colour space index]
+ - ghostscript 10.04.0~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707990
+ NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6
+ NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ca1fc2aefe9796e321d0589afe7efb35063c8b2a (ghostpdl-10.04.0)
+CVE-2024-46954 [Fix decode_utf8 to forbid overlong encodings]
+ - ghostscript 10.04.0~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707788
+ NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=55f587dd039282316f512e1bea64218fd991f934
+ NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=282f691f5e57b6bf55ba51ad8c2be2cce8edb938 (ghostpdl-10.04.0)
+CVE-2024-46953 [Check for overflow validating format string]
+ - ghostscript 10.04.0~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707793
+ NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00
+ NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=294a3755e33f453dd92e2a7c4cfceb087ac09d6a (ghostpdl-10.04.0)
+CVE-2024-46952 [PDF interpreter - sanitise W array values in Xref streams]
+ - ghostscript 10.04.0~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708001
+ NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f
+ NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1fb76aaddac34530242dfbb9579d9997dae41264 (ghostpdl-10.04.0)
+CVE-2024-46951 [PS interpreter - check the type of the Pattern Implementation]
+ - ghostscript 10.04.0~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707991
+ NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8
+ NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ada21374f0c90cc3acf7ce0e96302394560c7aee (ghostpdl-10.04.0)
CVE-2024-10488
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
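Review bot: In each of the six added ghostscript entries, only the second commit NOTE carries a label, "(ghostpdl-10.04.0)", while the first commit URL has none, so the list does not say which branch or release the first commit belongs to. Consider annotating the first NOTE in the same way. The bracketed descriptions also mix "PostScript interpreter" (CVE-2024-46956) with "PS interpreter" (CVE-2024-46955, CVE-2024-46951); using one form would make the entries easier to search.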
=====================================
data/dsa-needed.txt
=====================================
@@ -21,6 +21,8 @@ firefox-esr (jmm)
frr
coordination with the maintainer ongoing
--
+ghostscript (carnil)
+--
libarchive (carnil)
--
libreswan
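Review bot: The added "ghostscript (carnil)" entry has no note line, unlike the frr entry above it, and nothing in this file ties it to CVE-2024-46951 through CVE-2024-46956 added in data/CVE/list. A one-line note naming those CVEs would tell the next reader why the package is queued. The commit message also mentions only the CVE additions and not this dsa-needed.txt change.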
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab1648bd394ac3f10c13b4542b6f745c418b59d8