Your message dated Fri, 05 Mar 2021 13:33:28 +0000 with message-id <e1liaa8-0001jg...@fasolo.debian.org> and subject line Bug#983684: fixed in mupdf 1.17.0+ds1-1.3 has caused the Debian Bug report #983684, regarding mupdf: CVE-2021-3407 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 983684: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983684 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: mupdf Version: 1.17.0+ds1-1.2 Severity: important Tags: security upstream Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=703366 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for mupdf. CVE-2021-3407[0]: | A flaw was found in mupdf 1.18.0. Double free of object during | linearization may lead to memory corruption and other potential | consequences. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-3407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3407 [1] https://bugs.ghostscript.com/show_bug.cgi?id=703366 [2] http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: mupdf Source-Version: 1.17.0+ds1-1.3 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of mupdf, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 983...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated mupdf package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 28 Feb 2021 13:40:40 +0100 Source: mupdf Architecture: source Version: 1.17.0+ds1-1.3 Distribution: unstable Urgency: medium Maintainer: Kan-Ru Chen (陳侃如) <kos...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 983684 Changes: mupdf (1.17.0+ds1-1.3) unstable; urgency=medium . * Non-maintainer upload. * Fix double free of object during linearization (CVE-2021-3407) (Closes: #983684) Checksums-Sha1: aba1d8523efc0d8057cddc0dd6a3d0d4b8a25375 2391 mupdf_1.17.0+ds1-1.3.dsc 26a905d046db87aa5bf27bab30fe086124294236 30556 mupdf_1.17.0+ds1-1.3.debian.tar.xz Checksums-Sha256: ba92dfdad2da7aae0a35cc69718b501c60bfaceadaf1926b6e46b83695d1b3a3 2391 mupdf_1.17.0+ds1-1.3.dsc 4514e6a0e10d30522a13e04bd3a3cba0731e62859358877b7eb29871b62929ac 30556 mupdf_1.17.0+ds1-1.3.debian.tar.xz Files: 2170c268db7d0d202e53fc3797bc2c6f 2391 text optional mupdf_1.17.0+ds1-1.3.dsc 8d2e269c63354e6a96413ece1cac0aae 30556 text optional mupdf_1.17.0+ds1-1.3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmA7kptfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E1pIP/15fWf0gK22ykBCnid6Og+y6JT/5vGy5 /XXxmlobpnIoupIN+NhfqD/KlG4nB0k2tZD1geoWzUaXobosck/SIMwyDuDzsW4s lXOeAM3ik6FPexQQY3HLSAfrg6HuZOm9NV26X6zsxcnEfKX2KXqzxEJBdwVjFOy9 rfhvRwmf4xiF9VbWjds6y8cEn9VbDE+1HS74i2DQA9Y6i4SBA5wslyVlwJpeCa/+ Lz9tiEENxaujklZsh0hx1CHzZEl0jvsFrbgZ1LBC8PeRuVaqShZriOf4DfriWI0+ PhgFKMbVAvBv/yEg4ssSf7TfmnGllJ7coQvoCt+afkxqQwuzzMN8qE5EFdXy61Y/ 2tiV88IyHhHFFZLDwjsbt69O3DmkyqqFPG19jDF3n/3XsPiM4QAVbau2IVb/ZYeE BHu6bC7lq6dMaOMicBRMfWFjvYsY8CvPqK1fbMPZ7VwGT/caj8heNYBeljRqD/Qp 4uMxGiQWWAJlnJKFdF0/9YH1eatl1EVjOtbn5L+m72ir3dpZ8Qa8j9qDIHo1TxQc Ooy23m5QNvA45bvBILXxwQt9BK4flXvhkDAumuV+6dQh4i7Hfofb5v8FZ9N0ND6t BT7CZ38Nx3I8oy94cuSI4K2VMeStmDZu5jP5D2LuyImvHAHzJgopjCPlP9oyt8eb DhBAhLOJAoTQ =1Fig -----END PGP SIGNATURE-----
--- End Message ---
