Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:pymupdf
User: [email protected]
Usertags: pu

[ Reason ]
Fix CVE-2026-3029 via upstream change.

[ Impact ]
Vulnerable to arbitrary file write via path traversal.

[ Tests ]
New unit tests introduced with the upstream change.

[ Risks ]
Code is trivial and the new unit tests check the new behavior.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Improved safety of `pymupdf embed-extract`. This now refuses to write to an existing file or outside the current directory, unless `-output` or new flag `-unsafe` is specified.
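The behaviour described under [ Changes ], as an added example that is not part of this report and not PyMuPDF's own code: a destination check that refuses an embedded file name which would overwrite an existing file or resolve outside the working directory. The helper `resolve_output`, its parameters and the sample names are hypothetical, and it assumes that an explicit output path is trusted as given and that the unsafe switch skips both checks.

```python
import os
import tempfile

class UnsafeOutputError(Exception):
    """Embedded name would overwrite a file or leave the base directory."""

def resolve_output(embedded_name, base_dir, output=None, unsafe=False):
    """Return the path an embedded file may be written to, or raise.

    Hypothetical helper: `output` and `unsafe` only mirror the -output and
    -unsafe flags named in the report; their exact interaction is assumed.
    """
    if output is not None:
        # Destination chosen explicitly by the user, not by the PDF.
        return os.path.abspath(output)
    base = os.path.realpath(base_dir)
    # The name stored in the PDF is attacker-controlled input.
    candidate = os.path.join(base, embedded_name)
    target = os.path.realpath(candidate)  # collapses "..", follows symlinks
    if unsafe:
        return target
    if target == base or os.path.commonpath([base, target]) != base:
        raise UnsafeOutputError(f"{embedded_name!r} is not a file path inside {base}")
    if os.path.lexists(candidate) or os.path.exists(target):
        raise UnsafeOutputError(f"{target} already exists")
    return target

def demo():
    """Check constructed embedded names against a scratch directory."""
    names = ["notes.txt", "report.txt", "../escape.txt",
             "/constructed/abs.txt", "sub/../../x", "."]
    results = {}
    with tempfile.TemporaryDirectory() as base:
        open(os.path.join(base, "report.txt"), "w").close()  # existing file
        for name in names:
            try:
                resolve_output(name, base)
                results[name] = "ok"
            except UnsafeOutputError:
                results[name] = "refused"
        forced = resolve_output("../escape.txt", base, unsafe=True)
        results["-unsafe"] = os.path.dirname(forced) != os.path.realpath(base)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name!r}: {verdict}")
```

The check resolves the joined path before comparing it with the base directory, so absolute names and `..` sequences hidden behind nonexistent components are caught by the same comparison.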

