Debian Flightcrew vulnerabilities

CVE-2019-13241 [HIGH] CVE-2019-13241: flightcrew - FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing at... FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. Scope: local bookworm: resolved (fixed in 0.7.2+dfsg-14) bullseye: resolved (fixed in 0.7.2+dfsg-14) forky: resolved (fixed in 0.7.2+dfsg-14) sid: resolved (fixed in

CVE-2019-13032 [MEDIUM] CVE-2019-13032: flightcrew - An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer derefer... An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library. Scope: local bookworm: resolved (fixed in 0.7.2+dfsg-14) bullseye: