[Git][security-tracker-team/security-tracker][master] Add CVE-2025-46646/ghostscript

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
628673a9 by Salvatore Bonaccorso at 2025-04-26T22:28:44+02:00
Add CVE-2025-46646/ghostscript

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,11 @@
 CVE-2025-46652 (In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. ...)
 	NOT-FOR-US: IZArc
 CVE-2025-46646 (In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c m ...)
-	TODO: check
+	- ghostscript 10.05.0~dfsg-1
+	[bookworm] - ghostscript <no-dsa> (Minor issue; will be fixed via point release)
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708311
+	NOTE: Fixed by: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f14ea81e6c3d2f51593f23cdf13c4679a18f1a3f
+	NOTE: Fixed by: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85df6937bcd8ae8edea7f24a5848e95833cfb1a7 (ghostpdl-10.05.0)
 CVE-2025-2101 (The Edumall theme for WordPress is vulnerable to Local File Inclusion  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-53636 (An arbitrary file upload vulnerability via writefile.php of Serosoft A ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/628673a9da937dd9c1f72dab6ac54109cab8c654

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/628673a9da937dd9c1f72dab6ac54109cab8c654
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250426/460fb1b7/attachment.htm>