Your message dated Sat, 18 Nov 2017 22:20:55 +0000
with message-id <e1egbtr-0006g7...@fasolo.debian.org>
and subject line Bug#879055: fixed in mupdf 1.5-1+deb8u3
has caused the Debian Bug report #879055,
regarding mupdf: CVE-2017-15587
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
879055: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879055
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mupdf
Version: 1.5-1
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698605
Hi,
the following vulnerability was published for mupdf.
CVE-2017-15587[0]:
| An integer overflow was discovered in pdf_read_new_xref_section in
| pdf/pdf-xref.c in Artifex MuPDF 1.11.
base64 encoded reproducer for verifying:
JVBERi0wMDAwMDAgMCBvYmo8PC9bXS9JbmRleFsyMTQ3NDgzNjQ3IDFdLyAwIDAgUi8gMC9TaXpl
IDAvV1tdPj5zdHJlYW0Nc3RhcnR4cmVmMTAK
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-15587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587
[1] https://bugs.ghostscript.com/show_bug.cgi?id=698605
[2] http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
[3] https://nandynarwhals.org/CVE-2017-15587/
Regards,
Salvatore
--- End Message ---
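An added example, not MuPDF's code and not the Debian patch: the reproducer in the report above base64-decodes to an object whose dictionary contains /Index[2147483647 1], a start/count pair whose sum exceeds INT_MAX. The sketch below validates such pairs without ever forming the sum; the function names, return codes and the dictionary strings it is meant to be fed are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Result codes (hypothetical names for this example). */
enum { IDX_OK = 0, IDX_MALFORMED = -1, IDX_OUT_OF_RANGE = -2 };

static const char *skip_ws(const char *p)
{
    while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\n') p++;
    return p;
}

/* True if start and count are non-negative and start + count <= INT_MAX.
 * The sum is never formed, so no signed overflow can happen in the check. */
static int range_fits_int(long start, long count)
{
    if (start < 0 || count < 0 || start > INT_MAX || count > INT_MAX)
        return 0;
    return start <= (long)INT_MAX - count;
}

/* Validate every (start, count) pair of the first /Index array in a
 * NUL-terminated dictionary string. */
int check_index_array(const char *dict)
{
    const char *p = strstr(dict, "/Index");
    if (!p) return IDX_OK;                 /* no /Index entry to check */
    p = skip_ws(p + strlen("/Index"));
    if (*p++ != '[') return IDX_MALFORMED;
    for (;;) {
        long v[2];
        for (int k = 0; k < 2; k++) {
            char *end;
            p = skip_ws(p);
            if (*p == ']')                 /* array may only end between pairs */
                return k == 0 ? IDX_OK : IDX_MALFORMED;
            errno = 0;
            v[k] = strtol(p, &end, 10);
            if (end == p) return IDX_MALFORMED;      /* not a number */
            if (errno == ERANGE) return IDX_OUT_OF_RANGE;
            p = end;
        }
        if (!range_fits_int(v[0], v[1])) return IDX_OUT_OF_RANGE;
    }
}
```

A parser that instead tests (start + count) < 0 after the addition relies on signed overflow, which is undefined behaviour in C and may be optimised away by the compiler.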
--- Begin Message ---
Source: mupdf
Source-Version: 1.5-1+deb8u3
We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 879...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luciano Bello <luci...@debian.org> (supplier of updated mupdf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 10 Nov 2017 12:20:25 -0500
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source amd64
Version: 1.5-1+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Kan-Ru Chen (陳侃如) <kos...@debian.org>
Changed-By: Luciano Bello <luci...@debian.org>
Description:
 libmupdf-dev - development files for the MuPDF viewer
 mupdf - lightweight PDF viewer
 mupdf-tools - command line tools for the MuPDF viewer
Closes: 879055
Changes:
 mupdf (1.5-1+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2017-15587: Integer overflow was discovered in
     pdf_read_new_xref_section (Closes: #879055)
--- End Message ---