Your message dated Mon, 03 Sep 2018 01:05:00 +0000
with message-id <[email protected]>
and subject line Bug#896545: fixed in mupdf 1.13.0+ds1-3
has caused the Debian Bug report #896545,
regarding mupdf: CVE-2018-10289: Infinite Loop in fz_skip_space
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
896545: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896545
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mupdf
Version: 1.9a+ds1-1
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699271
Hi,
The following vulnerability was published for mupdf.
CVE-2018-10289[0]:
| In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space
| function of the pdf/pdf-xref.c file. A remote adversary could leverage
| this vulnerability to cause a denial of service via a crafted pdf file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-10289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10289
[1] https://bugs.ghostscript.com/show_bug.cgi?id=699271
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: mupdf
Source-Version: 1.13.0+ds1-3
We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kan-Ru Chen (陳侃如) <[email protected]> (supplier of updated mupdf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 03 Sep 2018 09:10:50 +0900
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source amd64
Version: 1.13.0+ds1-3
Distribution: unstable
Urgency: medium
Maintainer: Kan-Ru Chen (陳侃如) <[email protected]>
Changed-By: Kan-Ru Chen (陳侃如) <[email protected]>
Description:
libmupdf-dev - development files for the MuPDF viewer
mupdf - lightweight PDF viewer
mupdf-tools - command line tools for the MuPDF viewer
Closes: 896545 903319
Changes:
mupdf (1.13.0+ds1-3) unstable; urgency=medium
.
* debian/patches: import upstream patch for CVE-2018-10289 (Closes: 896545)
* More FTCBFS patches.
Thanks to Helmut Grohne for the patches. (Closes: 903319)
Checksums-Sha1:
557c8f7300da4548f4c1e8fe9b5bb65213859cbe 2156 mupdf_1.13.0+ds1-3.dsc
f559278ae3ffca0ec49edf91c49605c67c11eb93 26604 mupdf_1.13.0+ds1-3.debian.tar.xz
cdcc968d3e9727950e0d1859c59e13fb9ded301f 21528772
libmupdf-dev_1.13.0+ds1-3_amd64.deb
f1c0d9479bb66818c0305f6f14373f0b0124f795 3007564
mupdf-dbgsym_1.13.0+ds1-3_amd64.deb
d9604c19add53e9b28985ccee55f03494795085a 3279516
mupdf-tools-dbgsym_1.13.0+ds1-3_amd64.deb
8ec458dc9cf62ad763d544d48a8d21b5fbf5ae5f 19233144
mupdf-tools_1.13.0+ds1-3_amd64.deb
333bf21fcc79072031b23d817c434f7eae78d460 10926
mupdf_1.13.0+ds1-3_amd64.buildinfo
23a92586beff28ddff1ccb73e139a5ad884a9fa7 19014956 mupdf_1.13.0+ds1-3_amd64.deb
Checksums-Sha256:
f966918da07b77566d0ddb0279319b93bfe343702feb0d2b750b134bcf7e4850 2156
mupdf_1.13.0+ds1-3.dsc
20373606d45b16accc0726237b8007e770fafb86b42ead1e3a2a38230e209d10 26604
mupdf_1.13.0+ds1-3.debian.tar.xz
845f23453ad2b9ab63e885b6c2c091d1cb521297adee8f852f636af028ab98fd 21528772
libmupdf-dev_1.13.0+ds1-3_amd64.deb
753b5e8d3b99e1464e2774d0d5383d56a688977b880d2ffec83437f395f4dba3 3007564
mupdf-dbgsym_1.13.0+ds1-3_amd64.deb
b041706460a8d75b70260bb4dd190df29e9d7a10a96412745a3f34695b9a7c96 3279516
mupdf-tools-dbgsym_1.13.0+ds1-3_amd64.deb
dbef8bbda069438d491b7031871c635dbe40987811f072b1f71743ef7c7f8405 19233144
mupdf-tools_1.13.0+ds1-3_amd64.deb
be28ce3cb0bcc6ee3be48b724927c0b56adb3c4c8f7055f1ead6f0493f8e639a 10926
mupdf_1.13.0+ds1-3_amd64.buildinfo
def20ee2a90c2caea195e9cf4f4202a49b35550cb3f256bd5445915412155c2f 19014956
mupdf_1.13.0+ds1-3_amd64.deb
Files:
9761a0049204ed53c6360881618fe097 2156 text optional mupdf_1.13.0+ds1-3.dsc
671a339fc71c9ed0342be2d99425ceab 26604 text optional
mupdf_1.13.0+ds1-3.debian.tar.xz
896ebedb32a86c625ded789a3b7ae209 21528772 libdevel optional
libmupdf-dev_1.13.0+ds1-3_amd64.deb
0e04f5a8f3cb3496b49636fa84af1166 3007564 debug optional
mupdf-dbgsym_1.13.0+ds1-3_amd64.deb
57108888cf75d0c1fa4200c6b61d12ac 3279516 debug optional
mupdf-tools-dbgsym_1.13.0+ds1-3_amd64.deb
55df281aa8598acd0f378f5ad8e60399 19233144 text optional
mupdf-tools_1.13.0+ds1-3_amd64.deb
17b1d27d23a1ad47744907ec847bfdf9 10926 text optional
mupdf_1.13.0+ds1-3_amd64.buildinfo
5e03f7eaa5ebd3450518170e0d991c08 19014956 text optional
mupdf_1.13.0+ds1-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE2JDTPWFH4vUeM4aHCjk1SrblfeEFAluMgxIACgkQCjk1Srbl
feFjUhAAi2Nf00VldLymT5yzK4b+DOCt4JYZL3IeOPaA3pqJjjZ0dnORYZ7grTpe
PdIMTq2Lwm+sUtPQVZz7YKDOqJUoV+gzwI5ZVS/7XQZX70lPL4IY7nOR9Kfgnn0Q
mTMC6CjTYSLWVBYaXL8AZcu0wpuggvwNUaQXbvoOOStKaBdGeaiU3315uWi5/kSR
7+e/kaCL1HE9pza+SoM3MNIBrccrCvK21c73++hE3F/1wIK0WqRnDLdX/j8coPhp
EB34nY5jVf8ZLxh/Gh6g45bqnH/6wK+XN2bcSeysiZW3uhYKgkS3HyV9D7YnS40U
VMgPlzuh2i7wlUArG3c15IasE+fXhHuw80/9GdIrtKRoD5tifp1B/VhV9k8o63Zg
kaQQU33UxXu4Js9UHm0TjcPE0p8x6bHznCGiPHBITylQ2nHYSeQLbDiC4Tj0lMqm
QGHdrt9tgrID5vSdnluB+jzDd9r+zXHjN5sMobtd8yH9Z1I0LB7bT4eofCBZr9hh
whGJvRfBjqkDtEro++dAm80iqj06txg9H7HhEDubrogpRFOmJdrltsRZrX5s4CyB
xTEgDd6ou22/RybxV0RR9eHcGVLVLgKHQl9fUMcIb4Vu9tOOn1pPzY2UlEGVUH0Z
ovpKPXHUV0qW9p0kQaEwzgBTBuO13BSwCPvF3iNoK48IpYzwJLw=
=f276
-----END PGP SIGNATURE-----
--- End Message ---
