From 5a43946761128b0819718595245e10b6236c0c68 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 22 Aug 2020 07:50:51 +0200 Subject: Switch some http://git.ghostscript.com URLS --- data/CVE/2016.list | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'data/CVE/2016.list') diff --git a/data/CVE/2016.list b/data/CVE/2016.list index fd09fbd078..e95d3db79c 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1855,7 +1855,7 @@ CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in Art [jessie] - ghostscript 9.06~dfsg-2+deb8u7 [wheezy] - ghostscript (Not directly reproducible, to re-evaluate once the upstream fix is known) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697459 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4 NOTE: I got the reproducer file from the bug submitter and tried to reproduce it. NOTE: Results are the following: sid/stretch with 9.20~dfsg-3 are NOTE: affected, it even segfaults. But with wheezy 9.05~dfsg-6.3+deb7u2 @@ -2175,14 +2175,14 @@ CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697453 CVE-2016-10218 (The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF ...) - ghostscript (Vulnerable code introduced later) - NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4 - NOTE: Introduced by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=47294ff5b168d25bfc7db64f51572d64b8ebde91 + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4 + NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=47294ff5b168d25bfc7db64f51572d64b8ebde91 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697444 CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Gh ...) - ghostscript 9.20~dfsg-3.1 (bug #859662) [jessie] - ghostscript (pdf14_cleanup_parent_color_profiles not yet present) [wheezy] - ghostscript (pdf14_cleanup_parent_color_profiles not yet present) - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697456 CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The ...) NOT-FOR-US: IT ITems DataBase @@ -4169,7 +4169,7 @@ CVE-2016-9601 (ghostscript before version 9.21 is vulnerable to a heap based buf {DSA-3817-1 DLA-874-1} - jbig2dec 0.13-4 (bug #850497) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697457 - NOTE: Patch: http://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092 + NOTE: Patch: https://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092 CVE-2016-9600 (JasPer before version 2.0.10 is vulnerable to a null pointer dereferen ...) - jasper (unimportant) NOTE: https://github.com/mdadams/jasper/issues/109 @@ -6961,7 +6961,7 @@ CVE-2016-8729 (An exploitable memory corruption vulnerability exists in the JBIG - jbig2dec 0.13-4 (bug #863886) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698438 - NOTE: http://git.ghostscript.com/?p=jbig2dec.git;h=e698d5c11d27212aa1098bc5b1673a3378563092 + NOTE: https://git.ghostscript.com/?p=jbig2dec.git;h=e698d5c11d27212aa1098bc5b1673a3378563092 CVE-2016-8728 (An exploitable heap out of bounds write vulnerability exists in the Fi ...) - mupdf (Vulnerable code introduced in 1.10, cf. #863545) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242%20 @@ -7296,7 +7296,7 @@ CVE-2016-8674 (The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allo {DSA-3797-1} - mupdf 1.9a+ds1-2 (bug #840957) [wheezy] - mupdf (Crash is not reproducible with reprocuder. Needs clarification from upstream.) - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697015 NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697019 CVE-2016-8670 (Integer signedness error in the dynamicGetbuf function in gd_io_dp.c i ...) @@ -7903,7 +7903,7 @@ CVE-2016-8602 (The .sethalftone5 function in psi/zht2.c in Ghostscript before 9. {DSA-3691-1 DLA-674-1} - ghostscript 9.19~dfsg-3.1 (bug #840451) NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697203 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 CVE-2016-8601 REJECTED CVE-2016-8578 (The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (ak ...) @@ -8148,7 +8148,7 @@ CVE-2016-7979 (Ghostscript before 9.21 might allow remote attackers to bypass th - ghostscript 9.19~dfsg-3.1 (bug #839846) NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190 NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0 - NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913 + NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913 NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7 NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/19 CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow remote at ...) @@ -8156,21 +8156,21 @@ CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow remo - ghostscript 9.19~dfsg-3.1 (bug #839845) NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179 NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0 - NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf + NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7 CVE-2016-7977 (Ghostscript before 9.21 might allow remote attackers to bypass the SAF ...) {DSA-3691-1 DLA-674-1} - ghostscript 9.19~dfsg-3.1 (high; bug #839841) NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169 NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/29/28 - NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70 + NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70 NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7 CVE-2016-7976 (The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attacker ...) {DSA-3691-1 DLA-674-1} - ghostscript 9.19~dfsg-3.1 (high; bug #839260) NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697178 NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/30/8 - NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d + NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7 CVE-2016-1000247 [mpg123 memory overread] {DLA-655-1} @@ -13522,7 +13522,7 @@ CVE-2016-6525 (Heap-based buffer overflow in the pdf_load_mesh_params function i {DSA-3655-1 DLA-589-1} - mupdf 1.9a+ds1-1.2 (bug #833417) NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696954 - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e CVE-2016-6523 (Multiple cross-site scripting (XSS) vulnerabilities in the media manag ...) - dotclear NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/40d0207e520d @@ -14521,8 +14521,8 @@ CVE-2016-6265 (Use-after-free vulnerability in the pdf_load_xref function in pdf - mupdf 1.9a+ds1-1.1 (bug #832031) [wheezy] - mupdf (vulnerable code not present, no segfault) NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696941 - NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958 - NOTE: Possibly introduced with: http://git.ghostscript.com/?p=mupdf.git;h=e767bd783d91ae88cd79da19e79afb2c36bcf32a (1.7-rc1) + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958 + NOTE: Possibly introduced with: https://git.ghostscript.com/?p=mupdf.git;h=e767bd783d91ae88cd79da19e79afb2c36bcf32a (1.7-rc1) NOTE: Although the e767bd783d91ae88cd79da19e79afb2c36bcf32a introduced the solid xrefs, NOTE: that part of the code went trough several iterations before it settled down, and NOTE: thus the issue could possibly be presend already before. The code in 1.5-1 looks -- cgit v1.2.3