Hi

On Wed, May 31, 2017 at 12:52:42AM +0800, Kan-Ru Chen wrote:
> Package: src:mupdf
> Followup-For: Bug #863545
>
> I believe CVE-2016-8728 does not affect all versions of mupdf in
> Debian as the vulnerable code was introduced in version 1.10

Looks right, since there is no forcealpha, and thus setting of nf = n + forcealpha causing the problem in the [4] and [5] part of the https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242 report.

@Moritz, does that look correct to you as well? If so we can close this bug since no version would be affected.

Salvatore