author Salvatore Bonaccorso <carnil@debian.org> 2020-08-22 07:50:51 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2020-08-22 07:53:21 +0200
commit 5a43946761128b0819718595245e10b6236c0c68
tree 8adc2ffecb286b8f676e2976d7fe10b0c6a6efdb /data/CVE/2016.list
parent 451c930f5beb649c7302ebb8a2070e21b20a8090
Switch some http://git.ghostscript.com URLS
Diffstat (limited to 'data/CVE/2016.list')
-rw-r--r-- data/CVE/2016.list 30
1 files changed, 15 insertions, 15 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index fd09fbd078..e95d3db79c 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1855,7 +1855,7 @@ CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in Art
[jessie] - ghostscript 9.06~dfsg-2+deb8u7
[wheezy] - ghostscript <no-dsa> (Not directly reproducible, to re-evaluate once the upstream fix is known)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697459
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4
NOTE: I got the reproducer file from the bug submitter and tried to reproduce it.
NOTE: Results are the following: sid/stretch with 9.20~dfsg-3 are
NOTE: affected, it even segfaults. But with wheezy 9.05~dfsg-6.3+deb7u2
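Review bot: The replacement URL on the `+` line keeps the bare `?p=ghostpdl.git;h=` form with no `a=commit` action, while the CVE-2016-10218 and CVE-2016-10217 entries in the next hunk use `a=commit;h=`. Since the line is being rewritten anyway, consider normalizing it to the `a=commit;h=` form so every ghostpdl reference in the file has one shape and a later scripted rewrite can match them with a single pattern.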
@@ -2175,14 +2175,14 @@ CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697453
CVE-2016-10218 (The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF ...)
- ghostscript <not-affected> (Vulnerable code introduced later)
- NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4
- NOTE: Introduced by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=47294ff5b168d25bfc7db64f51572d64b8ebde91
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4
+ NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=47294ff5b168d25bfc7db64f51572d64b8ebde91
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697444
CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Gh ...)
- ghostscript 9.20~dfsg-3.1 (bug #859662)
[jessie] - ghostscript <not-affected> (pdf14_cleanup_parent_color_profiles not yet present)
[wheezy] - ghostscript <not-affected> (pdf14_cleanup_parent_color_profiles not yet present)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697456
CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The ...)
NOT-FOR-US: IT ITems DataBase
@@ -4169,7 +4169,7 @@ CVE-2016-9601 (ghostscript before version 9.21 is vulnerable to a heap based buf
{DSA-3817-1 DLA-874-1}
- jbig2dec 0.13-4 (bug #850497)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697457
- NOTE: Patch: http://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092
+ NOTE: Patch: https://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092
CVE-2016-9600 (JasPer before version 2.0.10 is vulnerable to a null pointer dereferen ...)
- jasper <removed> (unimportant)
NOTE: https://github.com/mdadams/jasper/issues/109
@@ -6961,7 +6961,7 @@ CVE-2016-8729 (An exploitable memory corruption vulnerability exists in the JBIG
- jbig2dec 0.13-4 (bug #863886)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698438
- NOTE: http://git.ghostscript.com/?p=jbig2dec.git;h=e698d5c11d27212aa1098bc5b1673a3378563092
+ NOTE: https://git.ghostscript.com/?p=jbig2dec.git;h=e698d5c11d27212aa1098bc5b1673a3378563092
CVE-2016-8728 (An exploitable heap out of bounds write vulnerability exists in the Fi ...)
- mupdf <not-affected> (Vulnerable code introduced in 1.10, cf. #863545)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242%20
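Review bot: The `+` line for CVE-2016-8729 points at jbig2dec commit e698d5c11d27212aa1098bc5b1673a3378563092 with a bare `h=` parameter, while the CVE-2016-9601 entry references the same commit as `a=commitdiff;h=`. Suggest using one form in both entries so they are visibly tied to the same fix. Separately, the unchanged TALOS-2016-0242 link in the trailing context ends in `%20`, an encoded trailing space that is worth dropping in a follow-up.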
@@ -7296,7 +7296,7 @@ CVE-2016-8674 (The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allo
{DSA-3797-1}
- mupdf 1.9a+ds1-2 (bug #840957)
[wheezy] - mupdf <not-affected> (Crash is not reproducible with reprocuder. Needs clarification from upstream.)
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697015
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697019
CVE-2016-8670 (Integer signedness error in the dynamicGetbuf function in gd_io_dp.c i ...)
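Review bot: Only the git.ghostscript.com line is switched in this entry; the two `http://bugs.ghostscript.com/show_bug.cgi?id=` notes directly below it stay on plain http, although the CVE-2016-10317 entry earlier in this file already links that tracker over https. Suggest converting the bugs.ghostscript.com references in the same pass or a follow-up so a single entry does not mix schemes for one upstream. The same applies to the later hunks that carry `http://bugs.ghostscript.com` context lines.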
@@ -7903,7 +7903,7 @@ CVE-2016-8602 (The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.
{DSA-3691-1 DLA-674-1}
- ghostscript 9.19~dfsg-3.1 (bug #840451)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697203
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78
CVE-2016-8601
REJECTED
CVE-2016-8578 (The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (ak ...)
@@ -8148,7 +8148,7 @@ CVE-2016-7979 (Ghostscript before 9.21 might allow remote attackers to bypass th
- ghostscript 9.19~dfsg-3.1 (bug #839846)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0
- NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913
+ NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913
NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/19
CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow remote at ...)
@@ -8156,21 +8156,21 @@ CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow remo
- ghostscript 9.19~dfsg-3.1 (bug #839845)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179
NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
- NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
+ NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-7977 (Ghostscript before 9.21 might allow remote attackers to bypass the SAF ...)
{DSA-3691-1 DLA-674-1}
- ghostscript 9.19~dfsg-3.1 (high; bug #839841)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169
NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/29/28
- NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
+ NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-7976 (The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attacker ...)
{DSA-3691-1 DLA-674-1}
- ghostscript 9.19~dfsg-3.1 (high; bug #839260)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697178
NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/30/8
- NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
+ NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-1000247 [mpg123 memory overread]
{DLA-655-1}
@@ -13522,7 +13522,7 @@ CVE-2016-6525 (Heap-based buffer overflow in the pdf_load_mesh_params function i
{DSA-3655-1 DLA-589-1}
- mupdf 1.9a+ds1-1.2 (bug #833417)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696954
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
CVE-2016-6523 (Multiple cross-site scripting (XSS) vulnerabilities in the media manag ...)
- dotclear <removed>
NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/40d0207e520d
@@ -14521,8 +14521,8 @@ CVE-2016-6265 (Use-after-free vulnerability in the pdf_load_xref function in pdf
- mupdf 1.9a+ds1-1.1 (bug #832031)
[wheezy] - mupdf <not-affected> (vulnerable code not present, no segfault)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696941
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958
- NOTE: Possibly introduced with: http://git.ghostscript.com/?p=mupdf.git;h=e767bd783d91ae88cd79da19e79afb2c36bcf32a (1.7-rc1)
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958
+ NOTE: Possibly introduced with: https://git.ghostscript.com/?p=mupdf.git;h=e767bd783d91ae88cd79da19e79afb2c36bcf32a (1.7-rc1)
NOTE: Although the e767bd783d91ae88cd79da19e79afb2c36bcf32a introduced the solid xrefs,
NOTE: that part of the code went trough several iterations before it settled down, and
NOTE: thus the issue could possibly be presend already before. The code in 1.5-1 looks
