Your message dated Thu, 09 Mar 2017 23:20:39 +0000
with message-id <e1cm7mn-0008y9...@fasolo.debian.org>
and subject line Bug#854734: fixed in mupdf 1.5-1+deb8u2
has caused the Debian Bug report #854734,
regarding CVE-2017-5896
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
854734: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854734
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mupdf
Severity: grave
Tags: security
Please see http://seclists.org/oss-sec/2017/q1/322
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: mupdf
Source-Version: 1.5-1+deb8u2
We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 854...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kan-Ru Chen (陳侃如) <kos...@debian.org> (supplier of updated mupdf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 18 Feb 2017 01:06:01 +0800
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source amd64
Version: 1.5-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Kan-Ru Chen (陳侃如) <kos...@debian.org>
Changed-By: Kan-Ru Chen (陳侃如) <kos...@debian.org>
Description:
libmupdf-dev - development files for the MuPDF viewer
mupdf - lightweight PDF viewer
mupdf-tools - commmand line tools for the MuPDF viewer
Closes: 840957 854734
Changes:
mupdf (1.5-1+deb8u2) jessie-security; urgency=high
.
* CVE-2016-8674: heap-use-after-free in pdf_to_num (pdf-object.c) (Closes:
#840957)
* CVE-2017-5896: use-after-free in fz_subsample_pixmap() (Closes: #854734)
* CVE-2017-5991: NULL pointer dereference in pdf_run_xobject()
Checksums-Sha1:
27fcc244a502950ea0bedf3e78220868070345db 2126 mupdf_1.5-1+deb8u2.dsc
1256aa203ebddbca1db9ef2819226c5ee30ead0e 27716 mupdf_1.5-1+deb8u2.debian.tar.xz
200b820f3b65e73c9dc9b040c6a5afbc057be0fa 3466342
libmupdf-dev_1.5-1+deb8u2_amd64.deb
b9ea8a5d681e9681f4ca0841385e94a455454bb1 3414054 mupdf_1.5-1+deb8u2_amd64.deb
055fb1102af0e4cbcdf76b36764141498cab38be 3421786
mupdf-tools_1.5-1+deb8u2_amd64.deb
Checksums-Sha256:
9c6ccbc61678f78a1b4f7aa10a1bc8ad95dc03a1e71af417626614baac3d9630 2126
mupdf_1.5-1+deb8u2.dsc
e21f7cbecdb9f6d2e962dc6acb49259b497125e79b3e9d46307fb7778fd427b4 27716
mupdf_1.5-1+deb8u2.debian.tar.xz
38f35780958dabf11aafa77216b8bfd0fcbfab58d5761a442ac27048a964d446 3466342
libmupdf-dev_1.5-1+deb8u2_amd64.deb
afe52b484c087d629da713f5240b1da726bfb50d70e77ff4e2b00c8fb2c93d5d 3414054
mupdf_1.5-1+deb8u2_amd64.deb
8acc4467e32bdbdb8a25472b43f6344cfb433c49255afc047b178b750bbb6989 3421786
mupdf-tools_1.5-1+deb8u2_amd64.deb
Files:
916825200dad7a45be341e9c4ea9e11b 2126 text optional mupdf_1.5-1+deb8u2.dsc
ed70182f15356f361bb665534df4f7cd 27716 text optional
mupdf_1.5-1+deb8u2.debian.tar.xz
4f8f2383bd463db893842b653dcc9d9f 3466342 libdevel optional
libmupdf-dev_1.5-1+deb8u2_amd64.deb
8e857907b34542314f1d2328d3cd456e 3414054 text optional
mupdf_1.5-1+deb8u2_amd64.deb
fffa61aea7678c8764821165a37a9bac 3421786 text optional
mupdf-tools_1.5-1+deb8u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE2JDTPWFH4vUeM4aHCjk1SrblfeEFAlis6nAACgkQCjk1Srbl
feGNrw/+ISfrzdBeTYBk0cauufe67WmtumF2gFKx4y0r2Z5yMRFp53dSZwihWtQX
/8xhXPEZ7xHVcTjPI6akmW0i6ZA2xS7aXz+jV4zSwXz+5GozMEkwJBgLQ8EDw4NF
2HYXsjz1UM4hRuW+fP8WVVTTDIp7H8i+wYOgSIdw2DEKpXtgD/FCJgHDF2qpNXJd
GUtCAINVUKWSniwu3ozRHGHVrPUOIsbql8e7g5Mxg/KCuKqwjBS3bQLIGyjvcCif
UjcaTDzUSF5kt5EeNE8yCbm+OrT5ypGROrK0p2EGXaBQVur9b+7MYfnnrYsisc/M
mTuapqWnKvrV+ICJeOHuXeK/6Lk3z+9GKKBvImlm0y0E3J66cFBWe/I/O7IkFnA4
Hiov6fTX+IElTXI2C8PHLnSozl7tYZT3dhVOYNTz0L64Gm1esjEUZ5ivO5KC4XT2
gSCpNDyDzwaWlPF+7xLN+vtGgbuJT/7VD09lOkuA+ZwuHUpAZp5t2Au94UBeAKr2
BcLYh17aYoG9SO7C8P/AIf85OAl4iJBy1wH5LdzMxAzyJBjdr1qvX/9/IZDFz946
+EHrYZoT87W2E8j075+kzzuKybvUYcBezRRt6vwChv389zpZsJj2jkHeQFDdcf0V
zE2fWLhBgzjmEyhWMtGtV/SjNnuPdIFUJWXwzxPPDDKeB8j9c5g=
=Juow
-----END PGP SIGNATURE-----
--- End Message ---
