[Git][security-tracker-team/security-tracker][master] Reserve DLA-4278-1 for mupdf

Chris Lamb (@lamby) lamby at debian.org
Fri Aug 22 17:13:38 BST 2025 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76c03352 by Chris Lamb at 2025-08-22T09:13:23-07:00
Reserve DLA-4278-1 for mupdf

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -419503,7 +419503,6 @@ CVE-2020-21897
 	RESERVED
 CVE-2020-21896 (A Use After Free vulnerability in svg_dev_text_span_as_paths_defs func ...)
 	- mupdf 1.19.0+ds1-1
-	[bullseye] - mupdf <no-dsa> (Minor issue)
 	[buster] - mupdf <no-dsa> (Minor issue)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701294
 	NOTE: https://git.ghostscript.com/?p=mupdf.git;h=8719e07834d6a72b6b4131539e49ed1e8e2ff79e


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Aug 2025] DLA-4278-1 mupdf - security update
+	{CVE-2020-21896}
+	[bullseye] - mupdf 1.17.0+ds1-2+deb11u1
 [21 Aug 2025] DLA-4277-1 firefox-esr - security update
 	{CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9185}
 	[bullseye] - firefox-esr 128.14.0esr-1~deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -260,10 +260,6 @@ modsecurity-apache
   NOTE: 20250822: Added by Front-Desk (dleidert)
   NOTE: 20250822: maintainers are going to prepare PUs for Trixie and Bookworm (#1110480); follow-up with fix for LTS (dleidert)
 --
-mupdf (Chris Lamb)
-  NOTE: 20250805: Added by Front-Desk (rouca)
-  NOTE: 20250816: Working on package. (lamby)
---
 nagvis
   NOTE: 20250117: Added by Front-Desk (rouca)
   NOTE: 20250119: Also check/fix https://bugs.debian.org/1061044



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76c033523b02ba72167ae2f08070116a3fe5460a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76c033523b02ba72167ae2f08070116a3fe5460a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250822/495c6eb0/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list