Your message dated Sun, 22 Nov 2020 19:32:23 +0000
with message-id <[email protected]>
and subject line Bug#971595: fixed in mupdf 1.14.0+ds1-4+deb10u2
has caused the Debian Bug report #971595,
regarding mupdf: CVE-2020-26519
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
971595: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971595
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mupdf
Version: 1.17.0+ds1-1
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=702937
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for mupdf.

CVE-2020-26519[0]:
| fitz/pixmap.c in Artifex MuPDF 1.17.0 has an overflow during pixmap
| size calculation.

Unfortunately the upstream bug[1] is restricted. The fix though is
referenced/commited in public already[2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-26519
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26519
[1] https://bugs.ghostscript.com/show_bug.cgi?id=702937
[2] 
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=af1e390a2c7abceb32676ec684cd1dbb92907ce8

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: mupdf
Source-Version: 1.14.0+ds1-4+deb10u2
Done: Salvatore Bonaccorso <[email protected]>

We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated mupdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 07 Nov 2020 10:20:45 +0100
Source: mupdf
Architecture: source
Version: 1.14.0+ds1-4+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Kan-Ru Chen (陳侃如) <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 971595
Changes:
 mupdf (1.14.0+ds1-4+deb10u2) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Detect/avoid overflow when calculating sizes of pixmaps (CVE-2020-26519)
     (Closes: #971595)
Checksums-Sha1: 
 4747d54aef15f05173f906eb35d8908b5ae114d6 2355 mupdf_1.14.0+ds1-4+deb10u2.dsc
 151574e1271a6161e4cbcf9dca239710626e7a00 32284 
mupdf_1.14.0+ds1-4+deb10u2.debian.tar.xz
Checksums-Sha256: 
 28c83b7852aef461cdcc29f4964aa4197ee3a5235f75978fc0c12e13e053cfb9 2355 
mupdf_1.14.0+ds1-4+deb10u2.dsc
 97e4f50db42389241aecc0c7a3ad4502c8bc2ef30f8bdc7d107c18923af4c8b5 32284 
mupdf_1.14.0+ds1-4+deb10u2.debian.tar.xz
Files: 
 ba0ff4bf4c60d194c22b097c4227412d 2355 text optional 
mupdf_1.14.0+ds1-4+deb10u2.dsc
 ac36175326f0032ad403de1f77d1071c 32284 text optional 
mupdf_1.14.0+ds1-4+deb10u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl+manFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EqbgP/3W+qabUuWVWgjQThU9xYGJUe6NqktJr
eNmBDI+pceTXeUXR/TVhcNZ6EQ3+LddCslonMYChXAvZ9rWc2bzAxTjXC11KGWrl
zPkjTP82FihJdcmE05+MpzDG3XdAU1IZEOvwLCuduqo7Zv4q4nSGEfnp0J//g5dJ
bMq2hIg8EPtCUssYVjVCcwPmCialv2dz3PRCY+omMxOQyYN2HNjI+pQSEIr+eTU4
xoS0TK2mhST9vxoHAXo1XtdfgGw3NvaQvCyEwtXTpl6/LK6M1bd+lsLeKXxvfEe2
WVzeVsGUmNmy5+i4k+TyDmT2MHfpUxzDp6CCCliylT2MSmVn4/cqpxwYDcMwzzMF
3bACbstVZijUxphXFPA7DxBvq8IuaxTV8FddVJUcafP/gRTaRzVn83wsYqw4GaSZ
o8xWDUwjVf0UQBYTA45VSLIbOXq5BEYk1qkzA4zeEpCVt7rw4420G8cM9D4rceH6
KgIUcb4WK8gaxY4ZGAoMK6vIFdXrkDu/p+1rniFq7SQVlObynGKeplfe0BEpy3Vk
rhgqdCnGpncI8NcLaBhV/4Z9Vhotd5z/8VtF5f9PjXGwghs/Ug9fUPBeYB162jK/
NEr016wbmMEezcHab184B/R3hBDS1Uuxpkt9uCjjsCyaMY5JiEstqd36uNXiJu4+
JkREDwDwqgH1
=oRfX
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to