Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits: e1a0ecb4 by Emilio Pozuelo Monfort at 2018-01-18T23:55:46+01:00 CVE-2017-9274/osc no-dsa in wheezy - - - - - 7856e15c by Emilio Pozuelo Monfort at 2018-01-18T23:59:37+01:00 mupdf no-dsa in wheezy - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -237,6 +237,7 @@ CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and ...) - mupdf <unfixed> (bug #887130) [stretch] - mupdf <no-dsa> (Minor issue) [jessie] - mupdf <no-dsa> (Minor issue) + [wheezy] - mupdf <no-dsa> (Minor issue) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698860 NOTE: pdf_parse_array function in source/pdf/pdf-parse.c does not consider NOTE: EOF. @@ -5242,6 +5243,7 @@ CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certai - mupdf <unfixed> (bug #885120) [stretch] - mupdf <no-dsa> (Minor issue) [jessie] - mupdf <no-dsa> (Minor issue) + [wheezy] - mupdf <no-dsa> (Minor issue) NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698699 (not public) CVE-2017-17865 @@ -38068,6 +38070,7 @@ CVE-2017-9274 [osc executes spec code during "osc commit"] - osc <unfixed> (bug #887391) [stretch] - osc <no-dsa> (Minor issue) [jessie] - osc <no-dsa> (Minor issue) + [wheezy] - osc <no-dsa> (Minor issue) NOTE: Details in https://bugzilla.novell.com/show_bug.cgi?id=938556 NOTE: SUSE adressed the issue not only in the obs-service-source_validator NOTE: and adding a validation in 0.162.0 when using OBS 2.9, cf.: ===================================== data/dla-needed.txt ===================================== --- a/data/dla-needed.txt +++ b/data/dla-needed.txt 
@@ -51,17 +51,12 @@ ming (Hugo Lefeuvre) NOTE: 20180118: wip, currently working on it with upstream, might take a while NOTE: Some issues currently in upstream's bug tracker are missing a CVE number, so number of issues might increase in the next weeks -- -mupdf - NOTE: 20171224: Upstream patch does not apply to LTS cleanly. Might need hanges to apps/pdfclean.c rather than pdf-write.c (lamby) --- mysql-5.5 (Emilio Pozuelo) -- opencv (Thorsten Alteholz) -- openjdk-7 (Emilio Pozuelo) -- -osc --- php5 (Markus Koschany) -- rsync (Chris Lamb) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c6eafa28eca983bcf0d937e6775aa222ddbe12f4...7856e15c99189d3708584e0e14979ac072c049b5
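Review bot: The two mupdf hunks in data/CVE/list (at @@ -237 and @@ -5242) tag two different CVEs, CVE-2018-5686 and CVE-2017-17866, but commit 7856e15c is described only as "mupdf no-dsa in wheezy", so the history does not say which issues were triaged. Name both CVE ids in the commit message, as e1a0ecb4 does for CVE-2017-9274/osc. The added `[wheezy] - mupdf <no-dsa> (Minor issue)` lines also repeat the stretch and jessie reason word for word. If the wheezy decision rests on something release-specific, put that in the parenthetical or in a NOTE so it can be revisited later.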
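Review bot: In the CVE-2017-9274 hunk (at @@ -38068), the added `[wheezy] - osc <no-dsa> (Minor issue)` gives no reason beyond "Minor issue" for an entry whose own title is `osc executes spec code during "osc commit"`. A short justification in the parenthetical, or a NOTE saying why code execution during commit is considered minor for this package, would let a later reader check the triage decision without opening bug #887391 or the Novell bugzilla entry.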
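Review bot: In the data/dla-needed.txt hunk, removing the mupdf entry also deletes the only record of the backport analysis, the line `NOTE: 20171224: Upstream patch does not apply to LTS cleanly. ...` pointing at apps/pdfclean.c rather than pdf-write.c. That finding applies to CVE-2017-17866 (the pdf/pdf-write.c issue) and is not carried into data/CVE/list by this push. Consider moving it there as a NOTE under that CVE so anyone who picks up mupdf in wheezy later does not have to rediscover it.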
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits