author | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-22 07:50:51 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-22 07:53:21 +0200 |
commit | 5a43946761128b0819718595245e10b6236c0c68 (patch) | |
tree | 8adc2ffecb286b8f676e2976d7fe10b0c6a6efdb /data/CVE/2018.list | |
parent | 451c930f5beb649c7302ebb8a2070e21b20a8090 (diff) |
Switch some http://git.ghostscript.com URLS
Diffstat (limited to 'data/CVE/2018.list')
-rw-r--r-- | data/CVE/2018.list | 108 |
1 files changed, 54 insertions, 54 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 696121bf4c..752c9583f5 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -5187,7 +5187,7 @@ CVE-2018-19478 (In Artifex Ghostscript before 9.26, a carefully crafted PDF file {DSA-4346-1 DLA-1620-1} - ghostscript 9.26~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699856 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace CVE-2018-19474 RESERVED CVE-2018-19473 
@@ -5237,20 +5237,20 @@ CVE-2018-19486 (Git before 2.19.2 on Linux and UNIX executes commands from the c CVE-2018-19477 (psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attacke ...) {DSA-4346-1 DLA-1598-1} - ghostscript 9.26~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb (ghostscript-9.26) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03 (master) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb (ghostscript-9.26) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03 (master) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700168 CVE-2018-19476 (psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers ...) {DSA-4346-1 DLA-1598-1} - ghostscript 9.26~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a (ghostscript-9.26) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16 (master) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a (ghostscript-9.26) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16 (master) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700169 CVE-2018-19475 (psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attack ...) 
{DSA-4346-1 DLA-1598-1} - ghostscript 9.26~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e (ghostscript-9.26) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315 (master) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e (ghostscript-9.26) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315 (master) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700153 CVE-2018-19518 (University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_o ...) {DSA-4353-1 DLA-1700-1 DLA-1608-1} @@ -6069,8 +6069,8 @@ CVE-2018-19134 (In Artifex Ghostscript through 9.25, the setpattern operator did {DSA-4346-1 DLA-1620-1} - ghostscript 9.26~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700141 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf (master) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7c8f85a23db24031945af3cacb2c0b4740e67072 (ghostscript-9.26) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf (master) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7c8f85a23db24031945af3cacb2c0b4740e67072 (ghostscript-9.26) CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email ...) NOT-FOR-US: Flarum Core CVE-2018-19130 (** DISPUTED ** In Libav 12.3, there is an invalid memory access in vc1 ...) 
@@ -7207,7 +7207,7 @@ CVE-2018-18662 (There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c - mupdf 1.14.0+ds1-3 (bug #912013) [jessie] - mupdf <not-affected> (vulnerable code introduced later) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700043 - NOTE: http://git.ghostscript.com/?p=mupdf.git;h=164ddc22ee0d5b63a81d5148f44c37dd132a9356 + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=164ddc22ee0d5b63a81d5148f44c37dd132a9356 CVE-2018-18661 (An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dere ...) {DLA-2009-1} - tiff 4.0.10-1 (unimportant; bug #912012) @@ -8283,7 +8283,7 @@ CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699963 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1696 NOTE: https://www.openwall.com/lists/oss-security/2018/10/16/2 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b CVE-2018-18283 RESERVED CVE-2018-18282 (Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. ...) @@ -8775,7 +8775,7 @@ CVE-2018-18073 (Artifex Ghostscript allows attackers to bypass a sandbox protect - ghostscript 9.25~dfsg-3 (bug #910758) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1690 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699927 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c NOTE: https://www.openwall.com/lists/oss-security/2018/10/10/12 CVE-2018-18072 RESERVED 
@@ -9099,9 +9099,9 @@ CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass - ghostscript 9.25~dfsg-3 (bug #910678) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1682 NOTE: https://www.openwall.com/lists/oss-security/2018/10/09/4 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d02bbc620bcba9b1c208462a876afb - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94b708be24758287b606154daaaed9 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63aa4ac6874234fe8cd63e72077291 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d02bbc620bcba9b1c208462a876afb + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94b708be24758287b606154daaaed9 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63aa4ac6874234fe8cd63e72077291 CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source ...) - ckeditor 4.11.1+dfsg-1 (low) [stretch] - ckeditor <no-dsa> (Minor issue) @@ -11210,7 +11210,7 @@ CVE-2018-17183 (Artifex Ghostscript before 9.25 allowed a user-writable error ex {DSA-4294-1 DLA-1527-1} - ghostscript 9.25~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699708 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624 CVE-2018-17095 (An issue has been discovered in mpruett Audio File Library (aka audiof ...) - audiofile 0.3.6-5 (low; bug #913166) [stretch] - audiofile 0.3.6-4+deb9u1 
@@ -12127,8 +12127,8 @@ CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Inco {DSA-4294-1 DLA-1504-1} [experimental] - ghostscript 9.25~dfsg-1~exp1 - ghostscript 9.25~dfsg-1 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590 CVE-2018-16792 (SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via ...) NOT-FOR-US: SolarWinds SFTP/SCP server 
@@ -14325,26 +14325,26 @@ CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through CVE-2018-15911 (In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to suppl ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699665 NOTE: https://www.kb.cert.org/vuls/id/332928 CVE-2018-15910 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699656 NOTE: https://www.kb.cert.org/vuls/id/332928 CVE-2018-15909 (In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699660 NOTE: https://www.kb.cert.org/vuls/id/332928 CVE-2018-15908 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to s ...) 
{DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699657 NOTE: https://www.kb.cert.org/vuls/id/332928 CVE-2018-15907 (** DISPUTED ** Technicolor (formerly RCA) TC8305C devices allow remote ...) 
@@ -14411,65 +14411,65 @@ CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and gsgetres {DSA-4288-1 DLA-1527-1} [experimental] - ghostscript 9.25~dfsg-1~exp1 - ghostscript 9.25~dfsg-1 (bug #908303) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5b5536fa88a9e885032bc0df3852c3439399a5c0 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5b5536fa88a9e885032bc0df3852c3439399a5c0 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699670 CVE-2018-16542 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699668 CVE-2018-16541 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699664 CVE-2018-16540 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699661 CVE-2018-16539 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...) 
{DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699658 NOTE: To not break cups with https://github.com/apple/cups/issues/5392 NOTE: an additional (no-security) followup fix is needed as: - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=150c8f69646b854a99f35f27edaae012eb2e900f + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=150c8f69646b854a99f35f27edaae012eb2e900f NOTE: Cf. https://bugs.debian.org/908300 CVE-2018-16513 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b326a71659b7837d3acde954b18bda1a6f5e9498 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b326a71659b7837d3acde954b18bda1a6f5e9498 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699655 CVE-2018-16511 (An issue was discovered in Artifex Ghostscript before 9.24. A type con ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699659 CVE-2018-16510 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...) 
[experimental] - ghostscript 9.25~dfsg-1~exp1 - ghostscript 9.25~dfsg-1 (bug #908304) [stretch] - ghostscript <not-affected> (Introduced in 9.22) [jessie] - ghostscript <not-affected> (vulnerable code is not present) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699671 CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...) {DSA-4294-1 DLA-1504-1} [experimental] - ghostscript 9.25~dfsg-1~exp1 - ghostscript 9.25~dfsg-1 (bug #907332; bug #907703) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519aa3e79db78aaf0589dae02103764 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519aa3e79db78aaf0589dae02103764 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699654 NOTE: Partially fixed in 9.22~dfsg-3, see #907703 CVE-2018-16585 (** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9 ...) 
{DSA-4288-1 DLA-1504-1} [experimental] - ghostscript 9.25~dfsg-1~exp1 - ghostscript 9.25~dfsg-1 (bug #908305) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699663 CVE-2018-15877 (The Plainview Activity Monitor plugin before 20180826 for WordPress is ...) NOT-FOR-US: Wordpress plugin @@ -25574,7 +25574,7 @@ CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the st {DSA-4336-1 DLA-1504-1} - ghostscript 9.21~dfsg-1 (low) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697193 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219 (9.21rc1) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219 (9.21rc1) CVE-2018-11644 RESERVED CVE-2018-11643 (SQL injection vulnerability in the administrative console in Dialogic ...) @@ -29261,7 +29261,7 @@ CVE-2018-10289 (In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space [jessie] - mupdf <not-affected> (Vulnerable code introduced later) [wheezy] - mupdf <not-affected> (Vulnerable code introduced later) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699271 - NOTE: Introduced in http://git.ghostscript.com/?p=mupdf.git;a=commit;h=1acaaf2b40614401378aa697de47093be9f390fe (1.8) + NOTE: Introduced in https://git.ghostscript.com/?p=mupdf.git;a=commit;h=1acaaf2b40614401378aa697de47093be9f390fe (1.8) CVE-2018-10288 RESERVED CVE-2018-10287 
@@ -29493,7 +29493,7 @@ CVE-2018-10194 (The set_text_distance function in devices/vector/gdevpdts.c in t - ghostscript 9.22~dfsg-2.1 (bug #896069) [stretch] - ghostscript 9.20~dfsg-3.2+deb9u2 [jessie] - ghostscript 9.06~dfsg-2+deb8u7 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699255 (not yet public) CVE-2018-1000200 (The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dere ...) - linux 4.16.12-1 @@ -38881,7 +38881,7 @@ CVE-2018-1000040 (In MuPDF 1.12.0 and earlier, multiple use of uninitialized val NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5603 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5609 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5610 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=83d4dae44c71816c084a635550acc1a51529b881;hp=f597300439e62f5e921f0d7b1e880b5c1a1f1607 + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=83d4dae44c71816c084a635550acc1a51529b881;hp=f597300439e62f5e921f0d7b1e880b5c1a1f1607 CVE-2018-1000039 (In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the ...) - mupdf 1.13.0+ds1-1 [stretch] - mupdf <not-affected> (vulnerable code not present) 
@@ -38891,17 +38891,17 @@ CVE-2018-1000039 (In MuPDF 1.12.0 and earlier, multiple heap use after free bugs NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5513 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5521 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5604 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=4dcc6affe04368461310a21238f7e1871a752a05;hp=8ec561d1bccc46e9db40a9f61310cd8b3763914e - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=4dcc6affe04368461310a21238f7e1871a752a05;hp=8ec561d1bccc46e9db40a9f61310cd8b3763914e + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b CVE-2018-1000038 (In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_l ...) 
- mupdf 1.13.0+ds1-1 [stretch] - mupdf <not-affected> (vulnerable code not present) [jessie] - mupdf <not-affected> (vulnerable code not present) [wheezy] - mupdf <not-affected> (vulnerable code not present) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5494 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF ...) {DSA-4334-1} - mupdf 1.13.0+ds1-1 
@@ -38912,14 +38912,14 @@ CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb - NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb + NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser a ...) - mupdf 1.14.0+ds1-1 (unimportant; bug #900129) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699695 - NOTE: http://git.ghostscript.com/?p=mupdf.git;h=985fdcfc117a3bd4bc097cdcae8347b3787fbab2 + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=985fdcfc117a3bd4bc097cdcae8347b3787fbab2 NOTE: negligible security impact, memory leak in CLI tool CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip version <= 6. ...) {DLA-2082-1} 
@@ -39065,9 +39065,9 @@ CVE-2018-6544 (pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could {DSA-4152-1} - mupdf 1.12.0+ds1-1 (bug #891245) [wheezy] - mupdf <ignored> (Most likely not affected, minor issue) - NOTE: http://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d NOTE: above patch is not needed in Jessie, as there is no fz_try() used in this version - NOTE: http://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89 + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698830 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698965 NOTE: https://lists.debian.org/debian-lts/2018/03/msg00043.html @@ -41772,7 +41772,7 @@ CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and appl NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698860 NOTE: pdf_parse_array function in source/pdf/pdf-parse.c does not consider NOTE: EOF. - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=b70eb93f6936c03d8af52040bbca4d4a7db39079 + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=b70eb93f6936c03d8af52040bbca4d4a7db39079 CVE-2018-5685 (In GraphicsMagick 1.3.27, there is an infinite loop and application ha ...) {DSA-4321-1 DLA-1456-1 DLA-1245-1} - graphicsmagick 1.3.27-4 (bug #887158) |
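Review bot: In the CVE-2018-16802 hunk (@@ -12127,8 +12127,8 @@) the two rewritten NOTE lines keep the `a=commit` view while the unchanged third NOTE in the same entry uses `a=commitdiff`, so the entry still mixes two gitweb views of the same repository after this change. The same inconsistency shows up elsewhere in the patch: the mupdf references under CVE-2018-18662, CVE-2018-1000036 and CVE-2018-6544 carry no `a=` action at all (`?p=mupdf.git;h=...`). Since every one of these lines is being touched anyway, consider a follow-up that settles on one form per reference type, so that tooling which extracts fix commits from NOTE lines only has one pattern to match.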
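Review bot: The commit message ("Switch some http://git.ghostscript.com URLS") does not say what the URLs are switched to, and "some" leaves the scope open. In the visible +/- pairs the only difference is the scheme, `http://git.ghostscript.com` becoming `https://git.ghostscript.com`, with the `p=`, `a=`, `h=` and `hp=` parameters and the trailing branch annotations unchanged, so the subject could say "to https" directly. The diffstat is limited to data/CVE/2018.list, so the message would also benefit from stating whether the other list files are handled in separate commits or were left as they are.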