Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f1f42ade by Salvatore Bonaccorso at 2026-06-27T10:57:44+02:00
Add CVE-2025-71382/mupdf
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4765,7 +4765,10 @@ CVE-2026-0864 (When using the "configparser" module to
write configuration files
NOTE: https://github.com/python/cpython/pull/152006 (3.11)
NOTE:
https://github.com/python/cpython/commit/5858e42c539dac8394636a6e9b30472b8994851f
(main)
CVE-2025-71382 (MuPDF before 1.27.0-rc1 contains an uncontrolled recursion
vulnerabili ...)
- TODO: check
+ - mupdf 1.27.0+ds1-2
+ [trixie] - mupdf <no-dsa> (Minor issue)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708840
+ NOTE: Fixed by:
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=70b71ab22e6de4d4c44cd301c88231f623a4e94e
(1.27.0-rc1)
CVE-2025-71376 (picklescan before 0.0.29 fails to detect malicious pickle
files using ...)
NOT-FOR-US: picklescan
CVE-2025-71370 (picklescan before 0.0.28 fails to detect malicious
torch.jit.unsupport ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1f42adefa81bc33022855653639d82f4e939647
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1f42adefa81bc33022855653639d82f4e939647
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits