Your message dated Thu, 26 Oct 2017 15:37:10 +0000
with message-id <e1e7kdw-000gi2...@fasolo.debian.org>
and subject line Bug#879055: fixed in mupdf 1.11+ds1-2
has caused the Debian Bug report #879055,
regarding mupdf: CVE-2017-15587
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
879055: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879055
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mupdf
Version: 1.5-1
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698605

Hi,

the following vulnerability was published for mupdf.

CVE-2017-15587[0]:
| An integer overflow was discovered in pdf_read_new_xref_section in
| pdf/pdf-xref.c in Artifex MuPDF 1.11.

base64 encoded reproducer for verifying:

JVBERi0wMDAwMDAgMCBvYmo8PC9bXS9JbmRleFsyMTQ3NDgzNjQ3IDFdLyAwIDAgUi8gMC9TaXpl
IDAvV1tdPj5zdHJlYW0Nc3RhcnR4cmVmMTAK

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15587
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587
[1] https://bugs.ghostscript.com/show_bug.cgi?id=698605
[2] http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
[3] https://nandynarwhals.org/CVE-2017-15587/

Regards,
Salvatore

--- End Message ---
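
An added example, not part of the report and not MuPDF's code: an overflow-safe bounds check for one /Index pair (first object number, entry count) of a cross-reference stream. It assumes the overflow arises when a parser adds those two values; the report itself only names the function. `check_index_pair`, `wrapped_end`, the status names and `MAX_XREF_OBJECTS` are all hypothetical.

```c
#include <limits.h>
#include <stdio.h>

enum xref_status { XREF_OK, XREF_NEGATIVE, XREF_OVERFLOW, XREF_TOO_LARGE };

/* Sample policy cap for this example only (not a MuPDF constant). */
#define MAX_XREF_OBJECTS (1 << 23)

/* What "first + count" becomes on a two's-complement machine that wraps.
 * Done in unsigned arithmetic because signed overflow is undefined in C. */
static int wrapped_end(int first, int count)
{
    return (int)((unsigned int)first + (unsigned int)count);
}

/* Hypothetical validator for one /Index pair of a cross-reference stream.
 * Writes first + count to *end only when the pair is accepted. */
static enum xref_status check_index_pair(int first, int count, int *end)
{
    if (first < 0 || count < 0)
        return XREF_NEGATIVE;
    if (first > INT_MAX - count)      /* first + count would overflow */
        return XREF_OVERFLOW;
    if (first + count > MAX_XREF_OBJECTS)
        return XREF_TOO_LARGE;
    *end = first + count;
    return XREF_OK;
}

int main(void)
{
    /* Constructed /Index pairs; the second is the boundary case. */
    int pairs[][2] = { {0, 12}, {INT_MAX, 1}, {-4, 8}, {9000000, 5} };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        int end = -1;
        enum xref_status st = check_index_pair(pairs[i][0], pairs[i][1], &end);
        printf("/Index [%d %d] -> status %d, end %d (wrapped sum %d)\n",
               pairs[i][0], pairs[i][1], (int)st, end,
               wrapped_end(pairs[i][0], pairs[i][1]));
    }
    return 0;
}
```

The wrapped sum for the boundary pair is negative, so a later `end > size` comparison on the unchecked sum would not reject it; the check has to come before the addition.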
--- Begin Message ---
Source: mupdf
Source-Version: 1.11+ds1-2

We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kan-Ru Chen (陳侃如) <kos...@debian.org> (supplier of updated mupdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 26 Oct 2017 22:28:43 +0800
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source amd64
Version: 1.11+ds1-2
Distribution: unstable
Urgency: high
Maintainer: Kan-Ru Chen (陳侃如) <kos...@debian.org>
Changed-By: Kan-Ru Chen (陳侃如) <kos...@debian.org>
Description:
 libmupdf-dev - development files for the MuPDF viewer
 mupdf      - lightweight PDF viewer
 mupdf-tools - command line tools for the MuPDF viewer
Closes: 879055
Changes:
 mupdf (1.11+ds1-2) unstable; urgency=high
 .
   * Acknowledge NMU. Thanks, Salvatore.
   * Renumber patches
   * Fixes CVE-2017-15587 (Closes: 879055)
   * Sort files in static library to make the build reproducible.
   * Bump Standards-Version to 4.1.1. No changes needed.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
