Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3d253dec by Salvatore Bonaccorso at 2026-02-06T21:54:17+01:00
Add CVE-2026-25556/mupdf
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -73,7 +73,13 @@ CVE-2026-25587 (SandboxJS is a JavaScript sandboxing
library. Prior to 0.8.29, a
CVE-2026-25586 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29,
a sandb ...)
NOT-FOR-US: SandboxJS Node module
CVE-2026-25556 (MuPDF versions 1.23.0 through 1.27.0 contain a double-free
vulnerabili ...)
- TODO: check
+ - mupdf <unfixed>
+ [trixie] - mupdf <no-dsa> (Minor issue)
+ [bookworm] - mupdf <not-affected> (Vulnerable code introduced later)
+ [bullseye] - mupdf <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=709029
+ NOTE: Introduced with:
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=c810149dfd28799cf7f6b40043645cade9bf02b8
(1.23.0-rc1)
+ NOTE: Fixed by:
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=d4743b6092d513321c23c6f7fe5cff87cde043c1
CVE-2026-25520 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29,
The ret ...)
NOT-FOR-US: SandboxJS Node module
CVE-2026-24931 (Vulnerability of improper criterion security check in the card
module. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d253dec92cd2799880867c02568a4a2035c2d30
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d253dec92cd2799880867c02568a4a2035c2d30
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
