From 0fc07d6e6c6f04c4a92894c69cbbbe70ae5a0058 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 18 Feb 2021 21:57:52 +0100
Subject: mujs entered the archive, recheck some older CVEs

---
 data/CVE/2019.list | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'data/CVE/2019.list')

diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index f31013f89f..312abd2660 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -21262,7 +21262,8 @@ CVE-2019-12818 (An issue was discovered in the Linux kernel before 4.20.15. The
 CVE-2019-12799 (In createInstanceFromNamedArguments in Shopware through 5.6.x, a craft ...)
 	NOT-FOR-US: Shopware
 CVE-2019-12798 (An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c do ...)
-	NOT-FOR-US: MuJS
+	- mujs <not-affected> (Fixed with initial upload to Debian)
+	NOTE: http://git.ghostscript.com/?p=mujs.git;h=7f50591861525f76e3ec7a63392656ff8c030af9 (1.0.6)
 CVE-2019-12797 (A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN ...)
 	NOT-FOR-US: ELM327 OBD2 Bluetooth device
 CVE-2019-12796
@@ -25056,11 +25057,17 @@ CVE-2019-11415 (An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A
 CVE-2019-11414 (An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the ...)
 	NOT-FOR-US: Intelbras IWR 3000N 1.5.0 devices
 CVE-2019-11413 (An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recurs ...)
-	NOT-FOR-US: MuJS
+	- mujs <not-affected> (Fixed with initial upload to Debian)
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700937
+	NOTE: https://github.com/ccxvii/mujs/commit/00d4606c3baf813b7b1c176823b2729bf51002a2
 CVE-2019-11412 (An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a ...)
-	NOT-FOR-US: MuJS
+	- mujs <not-affected> (Fixed with initial upload to Debian)
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700947
+	NOTE: https://github.com/ccxvii/mujs/commit/1e5479084bc9852854feb1ba9bf68b52cd127e02
 CVE-2019-11411 (An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() an ...)
-	NOT-FOR-US: MuJS
+	- mujs <not-affected> (Fixed with initial upload to Debian)
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700938
+	NOTE: https://github.com/ccxvii/mujs/commit/da632ca08f240590d2dec786722ed08486ce1be6
 CVE-2019-11410 (app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers f ...)
 	NOT-FOR-US: FreePBX
 CVE-2019-11409 (app/operator_panel/exec.php in the Operator Panel module in FusionPBX  ...)
-- 
cgit v1.2.3