Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 699980 (CVE-2018-19777, CVE-2019-13290) - <app-text/mupdf-1.16.1: multiple vulnerabilities (CVE-{2018-19777,2019-13290})
Summary: <app-text/mupdf-1.16.1: multiple vulnerabilities (CVE-{2018-19777,2019-13290})
Alias: CVE-2018-19777, CVE-2019-13290
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on:
Reported: 2019-11-13 07:27 UTC by GLSAMaker/CVETool Bot
Modified: 2019-11-22 09:48 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-11-13 07:27:18 UTC
CVE-2018-19777 (
  In Artifex MuPDF 1.14.0, there is an infinite loop in the function
  svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.

CVE-2018-13290 (
  Information exposure vulnerability in SYNO.Core.ACL in Synology Router
  Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to
  determine the existence of files or obtain sensitive information of files
  via the file_path parameter.
Comment 1 Agostino Sarubbo gentoo-dev 2019-11-13 08:44:00 UTC
x86 stable
Comment 2 Agostino Sarubbo gentoo-dev 2019-11-13 16:06:54 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2019-11-13 16:07:39 UTC
s390 stable
Comment 4 Agostino Sarubbo gentoo-dev 2019-11-13 16:08:03 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2019-11-13 16:08:26 UTC
ppc64 stable
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2019-11-13 22:45:28 UTC
arm64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-11-14 11:58:40 UTC
ia64 stable
Comment 8 Matt Turner gentoo-dev 2019-11-17 07:21:58 UTC
alpha stable
Comment 9 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-11-22 09:43:35 UTC
arm stable
Comment 10 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-11-22 09:48:10 UTC
GLSA vote: no.