Your message dated Sun, 28 Aug 2016 12:47:45 +0000
with message-id <e1bdzv3-0000qw...@franck.debian.org>
and subject line Bug#833417: fixed in mupdf 1.5-1+deb8u1
has caused the Debian Bug report #833417,
regarding mupdf: CVE-2016-6525: heap overflow in pdf_load_mesh_params()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
833417: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833417
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mupdf
Version: 1.5-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for mupdf.
CVE-2016-6525[0]:
heap overflow in pdf_load_mesh_params()
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-6525
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: mupdf
Source-Version: 1.5-1+deb8u1
We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 833...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated mupdf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 25 Aug 2016 16:43:34 +0200
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source
Version: 1.5-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Kan-Ru Chen (陳侃如) <kos...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 832031 833417
Description:
libmupdf-dev - development files for the MuPDF viewer
mupdf - lightweight PDF viewer
mupdf-tools - commmand line tools for the MuPDF viewer
Changes:
mupdf (1.5-1+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2016-6265: Use after free vulnerability in pdf_xref.c (Closes: #832031)
* CVE-2016-6525: heap overflow in pdf_load_mesh_params() (Closes: #833417)
Checksums-Sha1:
e6573c3d58e3235ddfd6100c98c4c298413e2681 2122 mupdf_1.5-1+deb8u1.dsc
9b451774d628d2953df7591f0fcdb465f7da4fa5 7528994 mupdf_1.5.orig.tar.gz
09478f047fb172be3017e19560481384100ec465 25224 mupdf_1.5-1+deb8u1.debian.tar.xz
Checksums-Sha256:
f203c1d2490900d76e05ae369a379c8fdf17aac4c636934665f9971cd37d072e 2122
mupdf_1.5-1+deb8u1.dsc
9ef2a457c119031cbf84cf89bfe9bf01d3fbb4b739bb4707bb58bfe141102ff2 7528994
mupdf_1.5.orig.tar.gz
1e5bfeb9debf8811727792eb4d9e0e38120d51618bcde138c46869a370f89dee 25224
mupdf_1.5-1+deb8u1.debian.tar.xz
Files:
2fd66461ed83b6b13f434d9acc59b51f 2122 text optional mupdf_1.5-1+deb8u1.dsc
89dd2ad96a3679035b89007d7dcbd847 7528994 text optional mupdf_1.5.orig.tar.gz
160af6d320bd41a41f9746e0d85997e5 25224 text optional
mupdf_1.5-1+deb8u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIvBAEBCgAZBQJXwHkpEhxjYXJuaWxAZGViaWFuLm9yZwAKCRAFTLjzE0PPRK3E
D/9Z2TV9trL1BzAMApSQLxHMN0GFX0P0pi8uM8Cfd0yIctR0+YcMKjInCMe/cT9i
JM+uA7mZReuQYrD7+eXHxtZpKGvSOWXbdmg3PGznAavmmjWt0gnGc9UiSKOrP7oG
CZV50h/+4RAh+/N3Ha3RKz+tGUFGjKui/4AavHagO82glMPlq3Q6FvKAZwCXl3HS
e9rCmLGSgoTmfSIreQRQquTAk5lqHFJXqrtfFhgNFiOMjZ91TeBEcL3mr88Euu2s
N3009OvQKqLDR5/rG9at1YczopgL0fbXeeAUhEebgodr/hVnq4ni/qOewLybZXs7
q1uy7cuGMrkTwBMKQwwS8GTs7w9XWwYd90kit82fQ/doLCpa0X58Ay+NboXaZbuL
rX83oyqmer/3ySpjqBcegOJp6HbamOpzy1eMCPAIvnf6W/bLGGUMJl7t8NbX292+
7JXNuPuWLQ5iDVPIBfahZfnpXWoW0ZgE6HhJc7mR6s5ZGeueaQKz9BvfU6YA7KAh
ABJKBVstQTYrgERjQZvEptWXT47mrxf9EfAgO99GyRRseHI450AMW2BtGcm8yc5U
udJJGTzH4U7RBrNJp1KcFGLdZWAjKYiP5GOLZGIa0blv1C8FXVPI4UTcXP88UlgF
owh9prHZRo3PfPiFZKq5OQsbAqHoFg3ZCPL8B4ohgBFyxQ==
=uyO8
-----END PGP SIGNATURE-----
--- End Message ---
