Bug#983104: marked as done (RFS: mupdf/1.14.0+ds1-4+deb10u3 [NMU, CVE-2020-16600] -- lightweight PDF viewer)

Sat, 12 Jun 2021 03:00:34 -0700 

Your message dated Sat, 12 Jun 2021 11:56:47 +0200
with message-id <YMSE3zaa30Ci/+s...@isildor.loewenhoehle.ip>
and subject line Re: RFS: mupdf/1.14.0+ds1-4+deb10u3 [NMU, CVE-2020-16600] -- 
lightweight PDF viewer
has caused the Debian Bug report #983104,
regarding RFS: mupdf/1.14.0+ds1-4+deb10u3 [NMU, CVE-2020-16600] -- lightweight 
PDF viewer
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
983104: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983104
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: sponsorship-requests
Severity: normal

Dear mentors,
I am looking for a sponsor for the package "mupdf" with the upstream fix for CVE-2020-16600 that affects buster: 

 * Package name    : mupdf
   Version         : 1.14.0+ds1-4+deb10u3
   Upstream Author : http://mupdf.com/
 * URL             : http://mupdf.com/
 * License         : AGPL-3+
 * Vcs             : https://salsa.debian.org/koster/mupdf
   Section         : text

It builds those binary packages:

  mupdf-tools - command line tools for the MuPDF viewer
  mupdf - lightweight PDF viewer
  libmupdf-dev - development files for the MuPDF viewer
To access further information about this package, please visit the following URL: 

  https://mentors.debian.net/package/mupdf/

Alternatively, one can download the package with dget using this command:
dget -x https://mentors.debian.net/debian/pool/main/m/mupdf/mupdf_1.14.0+ds1-4+deb10u3.dsc 

Changes since the last upload:

 mupdf (1.14.0+ds1-4+deb10u3) buster-security; urgency=high
 .
   * Non-maintainer upload.
   * Avoid a use-after-free in fz_drop_band_writer (CVE-2020-16600)

Regards,
Bastian

--- End Message ---
--- Begin Message --- 
On Fri, Jun 11, 2021 at 10:44:10PM +0200, Bastian Germann wrote:
> On Mon, 31 May 2021 19:41:53 +0200 Tobias Frost <t...@debian.org> wrote:
> > The diff looks good, but there are some formalities…
> > 
> > - Can you file an "Stable Proposed Updates" unblock request to get an 
> > approval.
> 
> Approved at #989530.
> 
> > - Possibly you should file an bug for CVE-2020-16600 and
> > close it in the changelog. (That would make it more transparent.)
> 
> Available at #989526.
> 
> > - Please also send a NMU announcement to the package's bts.
> 
> Also available at #989526.
> 

Uploaded! Many thanks Bastian for your contributions!

-- 
tobi

Attachment: signature.asc
Description: PGP signature


--- End Message ---

Reply via email to