Your message dated Sun, 09 Mar 2014 16:19:43 +0000 with message-id <e1wmgrz-0000rv...@franck.debian.org> and subject line Bug#738857: fixed in mupdf 1.3-2 has caused the Debian Bug report #738857, regarding mupdf: CVE-2014-2013: Stack-based Buffer Overflow in xps_parse_color() to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 738857: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738857 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: mupdf Severity: grave Tags: security Justification: user security hole Please see http://www.hdwsec.fr/blog/mupdf.html Can you please contact upstream for a patch and whether this affects Linux builds of mupdf? Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: mupdf Source-Version: 1.3-2 We believe that the bug you reported is fixed in the latest version of mupdf, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 738...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Kan-Ru Chen (陳侃如) <kos...@debian.org> (supplier of updated mupdf package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 09 Mar 2014 23:41:55 +0800 Source: mupdf Binary: libmupdf-dev mupdf mupdf-tools Architecture: source amd64 Version: 1.3-2 Distribution: unstable Urgency: medium Maintainer: Kan-Ru Chen (陳侃如) <kos...@debian.org> Changed-By: Kan-Ru Chen (陳侃如) <kos...@debian.org> Description: libmupdf-dev - development files for the MuPDF viewer mupdf - lightweight PDF viewer mupdf-tools - commmand line tools for the MuPDF viewer Closes: 699684 736125 738857 Changes: mupdf (1.3-2) unstable; urgency=medium . * Fix CVE-2014-2013: Stack-based Buffer Overflow in xps_parse_color(). (Closes: #738857) * Add description of key P to mupdf(1). (Closes: #736125) * Add description of BROWSER env to mupdf(1). (Closes: #699684) * Bump Standards-Version to 3.9.5, no changes needed Checksums-Sha1: 2e6a5bdb671b9710c7ea50fbd73605e1da9f5395 2060 mupdf_1.3-2.dsc 61514053aaa956ded4a14a8400651518a4068b32 12564 mupdf_1.3-2.debian.tar.xz a15f86f9980ddc7242e596dab2ebf999d196a283 3079560 libmupdf-dev_1.3-2_amd64.deb 0bf60c3a19724a057f857180332a04f8a7312296 2981902 mupdf_1.3-2_amd64.deb 797a4a2b78ec4f2c1fff6f5fb75ec0f88fbae07d 3057354 mupdf-tools_1.3-2_amd64.deb Checksums-Sha256: 15c9e74124f3656fc9ae6719e757e1aebb23faa6f8d8c3824cbbc7d62d3ec0a0 2060 mupdf_1.3-2.dsc 16011705809482db22bd53508e4f537842a4daac33d674ff478bfe9a1495fdab 12564 mupdf_1.3-2.debian.tar.xz 616926bc9a457d19e0f0c2a8b3db30626e0ef8f5f60f5ca2efafc7a6471f7d42 3079560 libmupdf-dev_1.3-2_amd64.deb 24a8e04f199dd685fb91ded268437269397c965b8e9a15f84b7eee9b0a8e27ca 2981902 mupdf_1.3-2_amd64.deb 3aea6a59764fb3f805dfe14f16c88168cc1f6beef5553ea9e41fca6d192e2282 3057354 mupdf-tools_1.3-2_amd64.deb Files: 09c7f53244085ea098a72536adca3e9c 2060 text optional mupdf_1.3-2.dsc 81bfbb71fe903f4f38ca2d3499e5648e 12564 text optional mupdf_1.3-2.debian.tar.xz 41c3119ee5cfe64084586b8777be2555 3079560 libdevel optional libmupdf-dev_1.3-2_amd64.deb 389aa9b3fbfa63ff0288dfffb11315f0 2981902 text optional mupdf_1.3-2_amd64.deb 11842b1a61e31127814823289b2ca00b 3057354 text optional mupdf-tools_1.3-2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJTHJESAAoJEAo5NUq25X3hGxwQAKnsyf1lsdGYeNcUyByVlmRK 1jvmA7/BKW/u/TXtQdUQBKKJrl9aTbsy+13gKEAk3VU7WBGA7P0TrtGFeyjllBql ch8B6Hq2zOmjnfCd5Z6dX/UORABHjvmtGh4atvf8+adARRSAQRjWxdizHSMmuJrE +t3k8misuwhJokp81wCMNPMYbtQDjhfdw4QvWX26raG/9gMIS6hhryWyNnsmieoh keUFR51w1tHOgKoNc+h8vbG5zxOTvUbPjCA1FHpaSLufriaI2gRjB4lJCgNTkmZG FJpwNWd5lS9PKzyjF8C4i//sQUVlOILJLL+P55SidTsReEYD5iDCcalyNN1B460k 20f4nYkVdU8soQQG2xkBgRihHACUM4WgSVXynBCR+TPzhpm4N4YJHtD8DxxjSijM 2zyQqgEjH63Tm/hoYWfcLtyuAbZbXiQTuMDUGqkYF7cTE8cuwbF6EidrJAAZwgd9 7w80m+zViuFk1o9L2dBXZHz1/n18BVFHKhH2UoGaOB4xhJ7lywGoXJClpablmbMS WulnSJ4CKAnzIUGa6xQ/21OX3iy1wHXc4t4E13L/1Oczg9gv6W6ImJHzPjPew1Cu 2Zrr1aJR8/v8yW/Anu7Ac8Oxitsm4aeC2Q/CFso6Ms2b1Z+QoAZKsQLGDRUFBeDj ymjVa4UrZTpJ41e5djGP =7n3i -----END PGP SIGNATURE-----
--- End Message ---
