[Git][security-tracker-team/security-tracker][master] Add CVE-2025-71382/mupdf
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jun 27 09:58:23 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f1f42ade by Salvatore Bonaccorso at 2026-06-27T10:57:44+02:00
Add CVE-2025-71382/mupdf
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4765,7 +4765,10 @@ CVE-2026-0864 (When using the "configparser" module to write configuration files
NOTE: https://github.com/python/cpython/pull/152006 (3.11)
NOTE: https://github.com/python/cpython/commit/5858e42c539dac8394636a6e9b30472b8994851f (main)
CVE-2025-71382 (MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerabili ...)
- TODO: check
+ - mupdf 1.27.0+ds1-2
+ [trixie] - mupdf <no-dsa> (Minor issue)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708840
+ NOTE: Fixed by: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=70b71ab22e6de4d4c44cd301c88231f623a4e94e (1.27.0-rc1)
CVE-2025-71376 (picklescan before 0.0.29 fails to detect malicious pickle files using ...)
NOT-FOR-US: picklescan
CVE-2025-71370 (picklescan before 0.0.28 fails to detect malicious torch.jit.unsupport ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1f42adefa81bc33022855653639d82f4e939647
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1f42adefa81bc33022855653639d82f4e939647
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260627/d4f0a38c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list