Bug#971595: mupdf: CVE-2020-26519
On Fri, 23 Oct 2020 21:05:44 +0200 Bastian Germann wrote: On Oct, 7th, upstream version 1.18.0 was released which contains the fix. Please update to that version. At https://salsa.debian.org/koster/mupdf/-/merge_requests/6, I published the changes for the package to import the new upstream version.
Bug#971595: mupdf: CVE-2020-26519
On Fri, 02 Oct 2020 14:34:40 +0200 Salvatore Bonaccorso wrote: > Source: mupdf > Version: 1.17.0+ds1-1 > Severity: important > Tags: security upstream > Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=702937 > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > > Hi, > > The following vulnerability was published for mupdf. > > CVE-2020-26519[0]: > | fitz/pixmap.c in Artifex MuPDF 1.17.0 has an overflow during pixmap > | size calculation. > > Unfortunately the upstream bug[1] is restricted. The fix though is > referenced/commited in public already[2]. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2020-26519 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26519 > [1] https://bugs.ghostscript.com/show_bug.cgi?id=702937 > [2] > http://git.ghostscript.com/?p=mupdf.git;a=commit;h=af1e390a2c7abceb32676ec684cd1dbb92907ce8 > > Please adjust the affected versions in the BTS as needed. > > Regards, > Salvatore On Oct, 7th, upstream version 1.18.0 was released which contains the fix. Please update to that version.
Bug#971595: mupdf: CVE-2020-26519
Source: mupdf Version: 1.17.0+ds1-1 Severity: important Tags: security upstream Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=702937 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for mupdf. CVE-2020-26519[0]: | fitz/pixmap.c in Artifex MuPDF 1.17.0 has an overflow during pixmap | size calculation. Unfortunately the upstream bug[1] is restricted. The fix though is referenced/commited in public already[2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-26519 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26519 [1] https://bugs.ghostscript.com/show_bug.cgi?id=702937 [2] http://git.ghostscript.com/?p=mupdf.git;a=commit;h=af1e390a2c7abceb32676ec684cd1dbb92907ce8 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
