Bug#877379: marked as done (CVE-2017-14685 / CVE-2017-14686 / CVE-2017-14687)

2017-11-12 Thread Debian Bug Tracking System 
Your message dated Sun, 12 Nov 2017 15:33:22 +
with message-id 
and subject line Bug#877379: fixed in mupdf 1.9a+ds1-4+deb9u1
has caused the Debian Bug report #877379,
regarding CVE-2017-14685 / CVE-2017-14686 / CVE-2017-14687
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
877379: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877379
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mupdf
Version: 1.11+ds1-1
Severity: grave
Tags: security

Hi,
please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687

which contains further descriptions and links to upstream fixes.
Can you please also prepare updates for stretch-security/jessie-security?

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: mupdf
Source-Version: 1.9a+ds1-4+deb9u1

We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 877...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luciano Bello  (supplier of updated mupdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 22 Oct 2017 20:10:29 -0400
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source amd64
Version: 1.9a+ds1-4+deb9u1
Distribution: stable-security
Urgency: high
Maintainer: Kan-Ru Chen (陳侃如) 
Changed-By: Luciano Bello 
Description:
 libmupdf-dev - development files for the MuPDF viewer
 mupdf  - lightweight PDF viewer
 mupdf-tools - command line tools for the MuPDF viewer
Closes: 877379 879055
Changes:
 mupdf (1.9a+ds1-4+deb9u1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2017-14685, CVE-2017-14686, CVE-2017-14687, and CVE-2017-15587
 (Closes: #877379, #879055)
Checksums-Sha1:
 9d81799345cfb4ebec2c5b8f208cd4b7502275ed 2181 mupdf_1.9a+ds1-4+deb9u1.dsc
 2699c33ddc8f33819cd0791f3762a3a268873286 13325139 mupdf_1.9a+ds1.orig.tar.gz
 5908b334c81b062996e71e6a7388e13e52f51ac0 29900 
mupdf_1.9a+ds1-4+deb9u1.debian.tar.xz
 86dbb5d043099667a46df82fb654e3504eed87c3 7301598 
libmupdf-dev_1.9a+ds1-4+deb9u1_amd64.deb
 05a7c5e73f7105664b082783eda97d3566cdfbde 2114944 
mupdf-dbgsym_1.9a+ds1-4+deb9u1_amd64.deb
 64e7906300b406c5baf9e1cde09d67d57db4e44f 2387358 
mupdf-tools-dbgsym_1.9a+ds1-4+deb9u1_amd64.deb
 373f45904a3f03b43a560878bc3b0a1323596cf6 6910056 
mupdf-tools_1.9a+ds1-4+deb9u1_amd64.deb
 971d193b1017480c7872c50194eaeaff05ebbcd4 8529 
mupdf_1.9a+ds1-4+deb9u1_amd64.buildinfo
 9278ad662dd2e7b2cfbe815bfc9fe4a844c1fe10 6855630 
mupdf_1.9a+ds1-4+deb9u1_amd64.deb
Checksums-Sha256:
 2322908eb72897a86d2ae4cfcf0c4bbeb946b1f7a1931460359569bec7cb76e4 2181 
mupdf_1.9a+ds1-4+deb9u1.dsc
 1b5d6126472f99ae2c99f1b474169b752764d63a90d3dd6e6a6f8fac8cdd0b75 13325139 
mupdf_1.9a+ds1.orig.tar.gz
 0daba2cb247730dbc741e1cb20396976ba6cb6a1bc9af9988b69cd56e7541f99 29900 
mupdf_1.9a+ds1-4+deb9u1.debian.tar.xz
 1022406bbe88face9ceaf28e5cea8e742c221018427321d36b643611f48dc093 7301598 
libmupdf-dev_1.9a+ds1-4+deb9u1_amd64.deb
 8245a8db1726ca33404bb2ce5cc6a83ed5637b0308bd93fca22cf24906197c9a 2114944 
mupdf-dbgsym_1.9a+ds1-4+deb9u1_amd64.deb
 09a63eef58a5a9daaba2c71a7085c18dd0a3ec756a26ae95970de4f831c0b542 2387358 
mupdf-tools-dbgsym_1.9a+ds1-4+deb9u1_amd64.deb
 95b8c926f73a8aa942c724799e3e36565394bf3d2005beb6576f8c21e2cb40fa 6910056 
mupdf-tools_1.9a+ds1-4+deb9u1_amd64.deb
 e20285543adba21cc56b5d566361fa3afb811a81a3a2190fec71d9c23297b036 8529 
mupdf_1.9a+ds1-4+deb9u1_amd64.buildinfo
 8d75a49ebb70e827a3e062953af0b37dcb2ded7451feb64d75a4b5f0a1e1e903 6855630 
mupdf_1.9a+ds1-4+deb9u1_amd64.deb
Files:
 f3481c5a6f7bdbc4d757fde2b964f844 2181 text optional mupdf_1.9a+ds1-4+deb9u1.dsc
 62e41e176d501171476cf4f6a03d8306 13325139 text optional 
mupdf_1.9a+ds1.orig.tar.gz
 c16c035920950af2c6b3ca0d90e51744 29900 text optional 
mupdf_1.9a+ds1-4+deb9u1.debian.tar.xz
 b9f4e329f56ef186fc7509fe70a4 7301598 libdevel optional 
libmupdf-dev_1.9a+ds1-4+deb9u1_amd64.deb
 786cd6cc8f984451cc1bcc27cddfafac 2114944 d

Bug#877379: marked as done (CVE-2017-14685 / CVE-2017-14686 / CVE-2017-14687)

2017-10-15 Thread Debian Bug Tracking System 
Your message dated Sun, 15 Oct 2017 15:38:35 +
with message-id 
and subject line Bug#877379: fixed in mupdf 1.11+ds1-1.1
has caused the Debian Bug report #877379,
regarding CVE-2017-14685 / CVE-2017-14686 / CVE-2017-14687
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
877379: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877379
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mupdf
Version: 1.11+ds1-1
Severity: grave
Tags: security

Hi,
please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687

which contains further descriptions and links to upstream fixes.
Can you please also prepare updates for stretch-security/jessie-security?

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: mupdf
Source-Version: 1.11+ds1-1.1

We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 877...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated mupdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 08 Oct 2017 10:37:23 +0200
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source
Version: 1.11+ds1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Kan-Ru Chen (陳侃如) 
Changed-By: Salvatore Bonaccorso 
Closes: 877379
Description: 
 libmupdf-dev - development files for the MuPDF viewer
 mupdf  - lightweight PDF viewer
 mupdf-tools - command line tools for the MuPDF viewer
Changes:
 mupdf (1.11+ds1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Don't use xps font if it could not be loaded (CVE-2017-14685)
 (Closes: #877379)
   * Check name, comment and meta size field signs (CVE-2017-14686)
 (Closes: #877379)
   * Handle non-tags in tag name comparisons (CVE-2017-14687) (Closes: #877379)
Checksums-Sha1: 
 ec41dd2f4d1ecd3d0e0974bc7ac7cc2d8ed84153 2316 mupdf_1.11+ds1-1.1.dsc
 2f4d9fcde11d09058834c6b34eac0d06821ec9f0 26408 mupdf_1.11+ds1-1.1.debian.tar.xz
Checksums-Sha256: 
 77bd9843f4c442b99f4e98d7605fb9139fb8e2c38d710ef7fd9b8dc96475a04b 2316 
mupdf_1.11+ds1-1.1.dsc
 cb274532e34f818b2f1871fee6303cfffda37251937dd7d731a898b2ca736433 26408 
mupdf_1.11+ds1-1.1.debian.tar.xz
Files: 
 630593b9756c7076c81053da26132a5e 2316 text optional mupdf_1.11+ds1-1.1.dsc
 4bf112ceea37740d8ee71510228692c3 26408 text optional 
mupdf_1.11+ds1-1.1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlnhupRfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89Etf4P/1LVBMWOoVlpO4KTy/6xy7z03+hwrpQo
sJdPo+s8v9G4+kXCUBUZh4kKz3D8HxUBR2kg5c3IVd01gXFctM+lyNJwtm5UgxBW
ZMNRc1Qjm0MMJW1t1qlnXlcxPy35hkSDsAGQs7L/haZXn6fnfLSNtvPl21xYHHDw
/jNBGwgMIo9MXKftY6cBzAOspD2Z8jOa/f3LSEb6fiBmp8kkOz+KTRpZqkYgXvN8
VtelaPjSb81+VFu5lcZ0BFqWToQJDtNXAh1ZiADSxs4umeTW0hOVOwSDo+FZflCG
t9kDkBuiRxk1m0KUvPjH9+lAK0EMY9N0k/g8SsKh3ZGQ+OKnMJBst59OQyjbPnlI
Ha5THFoPbc+b6A2mSTTl+wMDyM6e/hTJmkhpku1DKo9UXk5jefUbuM4mBli+5bwM
u0V07OlIFaFZenv3ppMGQk2vPHwk9Xs+38eP7Wrx8To+CyyYbd6UUH46Yj8/NZnM
lruaUC65XRRTR7WUQ0Jug5TXIjH2pRyyk22GH/4lC/6S0xd6Vfb5vUZBKReCOJ1z
5iE02l7uuDbom3fABipI+DH5Mx/R1vfN56PBD2dYAj3vjsJK2yswBid75V598wiL
M0CKXIU6b8vaVBdGx0TgEIwMLvR+UL8ONGRzpS0jZbE6cBfsa1x1ODqt/F5hwHHD
FnFaxjkD21ZH
=5Ehs
-END PGP SIGNATURE End Message ---