Your message dated Sat, 12 Jun 2021 18:32:08 +0000 with message-id <e1ls8qs-0004bc...@fasolo.debian.org> and subject line Bug#983684: fixed in mupdf 1.14.0+ds1-4+deb10u3 has caused the Debian Bug report #983684, regarding mupdf: CVE-2021-3407 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 983684: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983684 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: mupdf Version: 1.17.0+ds1-1.2 Severity: important Tags: security upstream Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=703366 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for mupdf. CVE-2021-3407[0]: | A flaw was found in mupdf 1.18.0. Double free of object during | linearization may lead to memory corruption and other potential | consequences. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-3407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3407 [1] https://bugs.ghostscript.com/show_bug.cgi?id=703366 [2] http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: mupdf Source-Version: 1.14.0+ds1-4+deb10u3 Done: Bastian Germann <bastiangerm...@fishpost.de> We believe that the bug you reported is fixed in the latest version of mupdf, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 983...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastian Germann <bastiangerm...@fishpost.de> (supplier of updated mupdf package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 19 Feb 2021 08:55:54 +0100 Source: mupdf Architecture: source Version: 1.14.0+ds1-4+deb10u3 Distribution: buster Urgency: high Maintainer: Kan-Ru Chen (陳侃如) <kos...@debian.org> Changed-By: Bastian Germann <bastiangerm...@fishpost.de> Closes: 983684 989526 Changes: mupdf (1.14.0+ds1-4+deb10u3) buster; urgency=high . * Non-maintainer upload. * Avoid a use-after-free in fz_drop_band_writer (CVE-2020-16600) (Closes: #989526) * Fix double free of object during linearization (CVE-2021-3407) (Closes: #983684) Checksums-Sha1: ae85a849c4d6b1d85dc19dd58a8b33af94d68309 2200 mupdf_1.14.0+ds1-4+deb10u3.dsc f23a38c916ca1211ecb0caf26060c176b0048a9d 33392 mupdf_1.14.0+ds1-4+deb10u3.debian.tar.xz 377920c9bc049c745a6d809e415a174cae29360f 11572 mupdf_1.14.0+ds1-4+deb10u3_amd64.buildinfo Checksums-Sha256: 2c83b8dbb166f0959fe9b4be3a88b3a3d9aee1fd4c97c332386a9889b09a1cbe 2200 mupdf_1.14.0+ds1-4+deb10u3.dsc 60c913510e65e633a311fecbb7134bc02497ab38f33cc51b17d74344e4a12340 33392 mupdf_1.14.0+ds1-4+deb10u3.debian.tar.xz 3c3cffe03425a1f7bac40c0aa681dc5031949c40054499ce52e47a273884ece5 11572 mupdf_1.14.0+ds1-4+deb10u3_amd64.buildinfo Files: edd8e1272ea05292cb8c9d23e4d0d4aa 2200 text optional mupdf_1.14.0+ds1-4+deb10u3.dsc 5d1de56d291f31416e3a324438e0caaf 33392 text optional mupdf_1.14.0+ds1-4+deb10u3.debian.tar.xz 6a58636a7d6720e4cd8c2a6e738e1373 11572 text optional mupdf_1.14.0+ds1-4+deb10u3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmDEhAYACgkQkWT6HRe9 XTZsXxAAiYGYdGPBbZdQEQk+V1ZsmA7n+cFuwXsULILRrkuQLP99bNJ2GPjr6qwu Hlj19akNB3BCCW3fYgosCg2Tya4oFl2MFxpZYTZvrwFtAPsUfI1vhbIgPYt+UPnG FyweKTBBbBTm3EkRlKjN+qGi9mImsd1gZ7VajejTQqjnZrOiEwkVDTgXJqHitRAo NuS84b83n/YBYux0avv0vk40d8yR9DVT1619GMx0azPFrdIJzbBa/v0vk8HxyuXp opMapb1Vb2UbIpEpmi2l9Yc4xXz9Y5hDecf6iAe9FcYyD6aMoirzROzuPxq5BogK bievDEnXc4seZ5QYU3AYhv2RQkzKznyQodYkSzSivf8ZPB7cCYL6hSX/RgKTg3xj 5IvcASpNlw9BQv5QU7yQoYpmfw4xmIwofrs0/xpA+17vN2WlnNoNCoZK6MEoNMPe RnoY7zHdSVWMhwpiVcmb0r47Zg4bT32JMmLGdubRztPO4GnbfUZKIGNNxaV8vJw8 jvUXoGPJCTfRB9ZhZu7HRrWo8cZQemcIyuKIrh1nirWxdSlpaiVHZsGgt710SkUT HaQ25Zx20L7XW2+dA6PQPbTiS9p9/hUg2+EF1dJFmV2Kz1DqbpUAgHoLHo77FtUV KMHFhGQSMpuSqvEj/NTasHiqvaH7uDDGlBdwvFbySlWjypzGmXU= =rzO0 -----END PGP SIGNATURE-----
--- End Message ---
