author Salvatore Bonaccorso <carnil@debian.org> 2020-08-22 07:50:51 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2020-08-22 07:53:21 +0200
commit 5a43946761128b0819718595245e10b6236c0c68
tree 8adc2ffecb286b8f676e2976d7fe10b0c6a6efdb /data/CVE/2017.list
parent 451c930f5beb649c7302ebb8a2070e21b20a8090
Switch some http://git.ghostscript.com URLS
Diffstat (limited to 'data/CVE/2017.list')
-rw-r--r-- data/CVE/2017.list 72
1 files changed, 36 insertions, 36 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 9ce02e1dd7..aae7b7abd0 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -2995,7 +2995,7 @@ CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certai
- mupdf 1.12.0+ds1-1 (bug #885120)
[jessie] - mupdf <no-dsa> (Minor issue)
[wheezy] - mupdf <no-dsa> (Minor issue)
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698699 (not public)
CVE-2017-17865
RESERVED
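Review bot: The changed "Fixed by:" line for CVE-2017-17866 uses the bare gitweb form `?p=mupdf.git;h=<hash>` with no `a=` action, while the changed lines in the next hunk use `;a=commit;h=` and the CVE-2017-15652 entry uses `;a=commitdiff;h=`. Since all of these URLs are being rewritten anyway, consider normalising them to a single form (for example `;a=commit;h=<hash>`) so the references are uniform and can be checked mechanically.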
@@ -3026,8 +3026,8 @@ CVE-2017-17859 (Samsung Internet Browser 6.2.01.12 allows remote attackers to by
CVE-2017-17858 (Heap-based buffer overflow in the ensure_solid_xref function in pdf/pd ...)
- mupdf <not-affected> (Vulnerable code introduced in 1.11.1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698819 (not public)
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
- NOTE: Commit http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f595e889b91a674eb94db7ca4d832da54f5194cd
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
+ NOTE: Commit https://git.ghostscript.com/?p=mupdf.git;a=commit;h=f595e889b91a674eb94db7ca4d832da54f5194cd
NOTE: switches to use int64_t for public file API offsets and introduced the flaw.
NOTE: https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md
CVE-2017-17851
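Review bot: In the CVE-2017-17858 entry, the second changed line is labelled only `NOTE: Commit https://...`, and the fact that this is the commit that introduced the flaw is left to the continuation line after it. The CVE-2017-15369 entry in this same patch uses `NOTE: Introduced by:` for the same purpose; using that label here would make the fixing and introducing commits explicit at a glance.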
@@ -9202,7 +9202,7 @@ CVE-2017-15652 (Artifex Ghostscript 9.22 is affected by: Obtain Information. The
- ghostscript 9.25~dfsg-1
[stretch] - ghostscript 9.25~dfsg-0+deb9u1
[jessie] - ghostscript 9.26a~dfsg-0+deb8u1
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e (ghostpdl-9.23rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e (ghostpdl-9.23rc1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698676
CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated administ ...)
NOT-FOR-US: PRTG Network Monitor
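Review bot: The changed line for CVE-2017-15652 keeps a 9-character abbreviated hash (`h=2fc463d0e`), whereas most other entries touched by this patch carry the full 40-character commit id. While editing the line, consider expanding it to the full hash so the reference stays unambiguous as the upstream repository grows.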
@@ -9435,7 +9435,7 @@ CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via the
CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section in pdf ...)
{DSA-4006-2 DSA-4006-1 DLA-1164-1}
- mupdf 1.11+ds1-2 (bug #879055)
- NOTE: http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public)
NOTE: https://nandynarwhals.org/CVE-2017-15587/
CVE-2017-15538 (Stored XSS vulnerability in the Media Objects component of ILIAS befor ...)
@@ -10009,8 +10009,8 @@ CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function
NOTE: https://github.com/mansr/sox/commit/ef3d8be0f80cbb650e4766b545d61e10d7a24c9e
CVE-2017-15369 (The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF b ...)
- mupdf <not-affected> (Vulnerable code introduced later)
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a
- NOTE: Introduced by: http://git.ghostscript.com/?p=mupdf.git;h=2707fa9e8e6d17d794330e719dec1b08161fb045
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a
+ NOTE: Introduced by: https://git.ghostscript.com/?p=mupdf.git;h=2707fa9e8e6d17d794330e719dec1b08161fb045
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698592
CVE-2017-15368 (The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 al ...)
- radare2 2.1.0+dfsg-1 (bug #878767)
@@ -12226,7 +12226,7 @@ CVE-2017-14687 (Artifex MuPDF 1.11 allows attackers to cause a denial of service
- mupdf 1.11+ds1-1.1 (bug #877379)
[jessie] - mupdf <no-dsa> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698558
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
NOTE: Several fz_xml_tag && !strcmp idoms are used in older versions
CVE-2017-14686 (Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause ...)
{DSA-4006-1}
@@ -12234,14 +12234,14 @@ CVE-2017-14686 (Artifex MuPDF 1.11 allows attackers to execute arbitrary code or
[jessie] - mupdf <not-affected> (vulnerable code not present, poc not effective)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698540
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
CVE-2017-14685 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or po ...)
{DSA-4006-1}
- mupdf 1.11+ds1-1.1 (bug #877379)
[jessie] - mupdf <not-affected> (vulnerable code not present, poc not effective)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698539
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
CVE-2017-14684 (In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in t ...)
- imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #876487)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/770
@@ -20507,7 +20507,7 @@ CVE-2017-11714 (psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references t
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript 9.22~dfsg-1 (bug #869977)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698158
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=671fd59eb657743aa86fbc1895cb15872a317caa (ghostpdl-9.22rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=671fd59eb657743aa86fbc1895cb15872a317caa (ghostpdl-9.22rc1)
CVE-2017-11713
RESERVED
CVE-2017-11712
@@ -24378,7 +24378,7 @@ CVE-2017-9835 (The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghosts
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript 9.22~dfsg-1 (bug #869907)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697985
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066 (ghostpdl-9.22rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066 (ghostpdl-9.22rc1)
CVE-2017-9834 (SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for W ...)
NOT-FOR-US: WatuPRO plugin for WordPress
CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of ...)
@@ -26399,13 +26399,13 @@ CVE-2017-9740 (The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex
[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: The Debian binary package is not affected xps/ not used
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698064
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626
CVE-2017-9739 (The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
{DSA-3986-1 DLA-1048-1}
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript 9.22~dfsg-1 (bug #869910)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698063
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 (ghostpdl-9.22rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 (ghostpdl-9.22rc1)
CVE-2017-9738
RESERVED
CVE-2017-9737
@@ -26437,13 +26437,13 @@ CVE-2017-9727 (The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghost
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript 9.22~dfsg-1 (bug #869913)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698056
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b (ghostpdl-9.22rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b (ghostpdl-9.22rc1)
CVE-2017-9726 (The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
{DSA-3986-1 DLA-1048-1}
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript 9.22~dfsg-1 (bug #869915)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698055
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b (ghostpdl-9.22rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b (ghostpdl-9.22rc1)
CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in util/security/Pass ...)
{DLA-1021-1 DLA-1020-1}
- jetty9 9.2.22-1 (bug #864898)
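Review bot: The bug tracker references directly above the changed lines for CVE-2017-9727 and CVE-2017-9726 still read `http://bugs.ghostscript.com/show_bug.cgi?id=...`, while every other bugs.ghostscript.com reference visible in this patch is already `https://`. The commit subject limits the change to git.ghostscript.com, so these are out of scope here, but they are worth a follow-up so both entries use HTTPS throughout.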
@@ -26684,21 +26684,21 @@ CVE-2017-9620 (The xps_select_font_encoding function in xps/xpsfont.c in Artifex
[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: The Debian binary package is not affected xps/ not used
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698050
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ee55637480d5e319a5de0481b01c3346855cbc9
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ee55637480d5e319a5de0481b01c3346855cbc9
CVE-2017-9619 (The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex G ...)
- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
[jessie] - ghostscript <not-affected> (Vulnerable code not present)
[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: The Debian binary package is not affected xps/ not used
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698042
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323
CVE-2017-9618 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscrip ...)
- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
[jessie] - ghostscript <not-affected> (Vulnerable code not present)
[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: The Debian binary package is not affected xps/ not used
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698044
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb
CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion ...)
- wireshark 2.4.0-1 (low; bug #870174)
[jessie] - wireshark <no-dsa> (Minor issue)
@@ -26723,20 +26723,20 @@ CVE-2017-9612 (The Ins_IP function in base/ttinterp.c in Artifex Ghostscript Gho
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript 9.22~dfsg-1 (bug #869916)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698026
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=98f6da60b9d463c617e631fc254cf6d66f2e8e3c (ghostpdl-9.22rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=98f6da60b9d463c617e631fc254cf6d66f2e8e3c (ghostpdl-9.22rc1)
CVE-2017-9611 (The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
{DSA-3986-1 DLA-1048-1}
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript 9.22~dfsg-1 (bug #869917)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698024
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe (ghostpdl-9.22rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe (ghostpdl-9.22rc1)
CVE-2017-9610 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscrip ...)
- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
[jessie] - ghostscript <not-affected> (Vulnerable code not present)
[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: The Debian binary package is not affected xps/ not used
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698025
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06
CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows re ...)
NOT-FOR-US: Blackcat CMS
CVE-2017-9608 (The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allow ...)
@@ -27982,7 +27982,7 @@ CVE-2017-9216 (libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghos
[jessie] - jbig2dec <no-dsa> (Minor issue)
[wheezy] - jbig2dec <no-dsa> (Minor issue, can be fixed in a future update)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697934
- NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ebffb1d96ba0cacec23016eccb4047dab365853
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ebffb1d96ba0cacec23016eccb4047dab365853
CVE-2017-9215
RESERVED
CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_RE ...)
@@ -28968,7 +28968,7 @@ CVE-2017-8908 (The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.2
[jessie] - ghostscript <not-affected> (Vulnerable code not present)
[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697810
- NOTE: edgebuffer scan converter was made default only in: http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
+ NOTE: edgebuffer scan converter was made default only in: https://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present.
CVE-2017-8907 (Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correc ...)
NOT-FOR-US: Atlassian Bamboo
@@ -31363,12 +31363,12 @@ CVE-2017-7976 (Artifex jbig2dec 0.13 allows out-of-bounds writes and reads becau
{DSA-3855-1 DLA-942-1}
- jbig2dec 0.13-4.1 (bug #860787)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697683
- NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d
CVE-2017-7975 (Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds wr ...)
{DSA-3855-1 DLA-942-1}
- jbig2dec 0.13-4.1 (bug #860788)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697693
- NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b
CVE-2017-7974 (A path traversal information disclosure vulnerability exists in Schnei ...)
NOT-FOR-US: Schneider Electric
CVE-2017-7973 (A SQL injection vulnerability exists in Schneider Electric's U.motion ...)
@@ -31437,8 +31437,8 @@ CVE-2017-7948 (Integer overflow in the mark_curve function in Artifex Ghostscrip
[jessie] - ghostscript <not-affected> (Vulnerable code not present)
[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697762
- NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699
- NOTE: edgebuffer scan converter was made default only in: http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699
+ NOTE: edgebuffer scan converter was made default only in: https://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present.
CVE-2017-7947 (NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 be ...)
NOT-FOR-US: NetApp
@@ -31606,7 +31606,7 @@ CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading t
{DSA-3855-1 DLA-942-1}
- jbig2dec 0.13-4.1 (bug #860460)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697703
- NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
CVE-2017-7884 (In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default i ...)
- apcupsd <not-affected> (Only APC UPS Daemon on Windows)
CVE-2017-7889 (The mm subsystem in the Linux kernel through 4.10.10 does not properly ...)
@@ -33891,7 +33891,7 @@ CVE-2017-7264 (Use-after-free vulnerability in the fz_subsample_pixmap function
- mupdf 1.9a+ds1-3 (bug #854734)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515
- NOTE: Fix http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
+ NOTE: Fix https://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
NOTE: Related to CVE-2017-5896. But CVE-2017-7264 is for the use-after-free
NOTE: vulnerability whereas CVE-2017-5896 is for the hea-based buffer overflow
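Review bot: Documentation nit in the trailing context of the CVE-2017-7264 entry: the last NOTE reads "hea-based buffer overflow", which should be "heap-based". It is unrelated to the URL switch, so a separate small commit would be the right place to fix it.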
@@ -34088,7 +34088,7 @@ CVE-2017-7208 (The decode_residual function in libavcodec in libav 9.21 allows r
CVE-2017-7207 (The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscr ...)
{DSA-3838-1 DLA-1048-1}
- ghostscript 9.20~dfsg-3 (bug #858350)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=309eca4e0a31ea70dcc844812691439312dad091
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=309eca4e0a31ea70dcc844812691439312dad091
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697676
CVE-2017-7206 (The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows ...)
- libav <removed>
@@ -36910,8 +36910,8 @@ CVE-2017-6197 (The r_read_* functions in libr/include/r_endian.h in radare2 1.2.
CVE-2017-6196 (Multiple use-after-free vulnerabilities in the gx_image_enum_begin fun ...)
- ghostscript <not-affected> (Issue introduced later, cf. bug #856142)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697596
- NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283
- NOTE: Possibly introduced only after http://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283
+ NOTE: Possibly introduced only after https://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784
CVE-2017-6195 (Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blin ...)
NOT-FOR-US: Ipswitch MOVEit Transfer
CVE-2017-6194 (The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows r ...)
@@ -37379,7 +37379,7 @@ CVE-2017-5991 (An issue was discovered in Artifex Software, Inc. MuPDF before 19
- mupdf 1.9a+ds1-4 (low)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697500
- NOTE: http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465
CVE-2017-5990 (An issue was discovered in PhreeBooksERP before 2017-02-13. The vulner ...)
NOT-FOR-US: PhreeBooksERP
CVE-2017-5989
@@ -37544,7 +37544,7 @@ CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex
{DSA-3838-1 DLA-905-1}
- ghostscript 9.20~dfsg-3.1 (bug #859696)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697548
- NOTE: Fixed by: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
+ NOTE: Fixed by: https://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) ...)
- yaml-cpp 0.6.3-1 (low; bug #859891)
[buster] - yaml-cpp <no-dsa> (Minor issue)
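Review bot: The "Fixed by:" URL for CVE-2017-5951 points at a per-user repository (`?p=user/chrisl/ghostpdl.git`) rather than the main `ghostpdl.git` used by every other Ghostscript entry in this patch. Switching the scheme is fine, but if the same commit is present in the main repository, referencing it there would be more durable than a developer's working tree.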
@@ -37690,7 +37690,7 @@ CVE-2017-5896 (Heap-based buffer overflow in the fz_subsample_pixmap function in
- mupdf 1.9a+ds1-3 (bug #854734)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515
- NOTE: Fix http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
+ NOTE: Fix https://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/10/1
CVE-2017-5895
