Your message dated Sun, 08 Nov 2020 21:18:08 +0000
with message-id <e1kbs4e-000aqr...@fasolo.debian.org>
and subject line Bug#971595: fixed in mupdf 1.17.0+ds1-1.1
has caused the Debian Bug report #971595,
regarding mupdf: CVE-2020-26519
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
971595: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971595
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mupdf
Version: 1.17.0+ds1-1
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=702937
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for mupdf.

CVE-2020-26519[0]:
| fitz/pixmap.c in Artifex MuPDF 1.17.0 has an overflow during pixmap
| size calculation.

Unfortunately the upstream bug[1] is restricted. The fix though is
referenced/committed in public already[2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-26519
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26519
[1] https://bugs.ghostscript.com/show_bug.cgi?id=702937
[2] http://git.ghostscript.com/?p=mupdf.git;a=commit;h=af1e390a2c7abceb32676ec684cd1dbb92907ce8

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: mupdf
Source-Version: 1.17.0+ds1-1.1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 971...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated mupdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 03 Nov 2020 21:09:06 +0100
Source: mupdf
Architecture: source
Version: 1.17.0+ds1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Kan-Ru Chen (陳侃如) <kos...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 971595
Changes:
 mupdf (1.17.0+ds1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Detect/avoid overflow when calculating sizes of pixmaps (CVE-2020-26519)
     (Closes: #971595)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
