On Fri, 02 Oct 2020 14:34:40 +0200 Salvatore Bonaccorso <car...@debian.org> wrote: > Source: mupdf > Version: 1.17.0+ds1-1 > Severity: important > Tags: security upstream > Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=702937 > X-Debbugs-Cc: car...@debian.org, Debian Security Team > <t...@security.debian.org> > > Hi, > > The following vulnerability was published for mupdf. > > CVE-2020-26519[0]: > | fitz/pixmap.c in Artifex MuPDF 1.17.0 has an overflow during pixmap > | size calculation. > > Unfortunately the upstream bug[1] is restricted. The fix though is > referenced/commited in public already[2]. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2020-26519 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26519 > [1] https://bugs.ghostscript.com/show_bug.cgi?id=702937 > [2] > http://git.ghostscript.com/?p=mupdf.git;a=commit;h=af1e390a2c7abceb32676ec684cd1dbb92907ce8 > > Please adjust the affected versions in the BTS as needed. > > Regards, > Salvatore
On Oct, 7th, upstream version 1.18.0 was released which contains the fix. Please update to that version.
