Your message dated Sun, 15 Jun 2014 21:38:23 +0000 with message-id <e1wwi87-0005py...@franck.debian.org> and subject line Bug#738857: fixed in mupdf 0.9-2+deb7u1 has caused the Debian Bug report #738857, regarding mupdf: CVE-2014-2013: Stack-based Buffer Overflow in xps_parse_color() to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 738857: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738857 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: mupdf Severity: grave Tags: security Justification: user security hole Please see http://www.hdwsec.fr/blog/mupdf.html Can you please contact upstream for a patch and whether this affects Linux builds of mupdf? Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: mupdf Source-Version: 0.9-2+deb7u1 We believe that the bug you reported is fixed in the latest version of mupdf, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 738...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Kan-Ru Chen (陳侃如) <kos...@debian.org> (supplier of updated mupdf package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Jun 2014 23:59:34 +0800 Source: mupdf Binary: libmupdf-dev mupdf mupdf-tools Architecture: source amd64 Version: 0.9-2+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Kan-Ru Chen <kos...@debian.org> Changed-By: Kan-Ru Chen (陳侃如) <kos...@debian.org> Description: libmupdf-dev - development files for the MuPDF viewer mupdf - lightweight PDF viewer mupdf-tools - commmand line tools for the MuPDF viewer Closes: 738857 Changes: mupdf (0.9-2+deb7u1) wheezy-security; urgency=high . * Backport fix of CVE-2014-2013: Stack-based Buffer Overflow in xps_parse_color() from unstable. (Closes: #738857) Checksums-Sha1: f525c41af74839c7ebe21f613ae49840fd61ce80 2028 mupdf_0.9-2+deb7u1.dsc 3a3ba42d19e3211199110e7c782263241cdea8a0 3917075 mupdf_0.9.orig.tar.gz 3618b0089aac810c798acb22a2dba91a9f92d3aa 11042 mupdf_0.9-2+deb7u1.debian.tar.gz 431f34d203760fb795c029574156f6f97fd670e2 3226332 libmupdf-dev_0.9-2+deb7u1_amd64.deb 8cee54c0d4a6f06dc6bdf325f555f48948f6d9a4 3149712 mupdf_0.9-2+deb7u1_amd64.deb dc494ed99edcce8dc0e7734cc9e88a15c8870588 3426540 mupdf-tools_0.9-2+deb7u1_amd64.deb Checksums-Sha256: 75f17d70355494ab265faa3c5fdb69ff2d4a046c3e8e46f3b8e63934fed523c3 2028 mupdf_0.9-2+deb7u1.dsc abed825cb1d73e0e28f0a7ee72b5d7a451ba41d21b0c55837ed2a212f3b16b2d 3917075 mupdf_0.9.orig.tar.gz 9f620fed53ab4396ca5180fbf35ed64b09cb0c8ca5204adb5681ce91efcf6beb 11042 mupdf_0.9-2+deb7u1.debian.tar.gz 5a70acd80bc81de40d3f457eaa47a69b826da959108e01d5ad2e2bce4012cdd3 3226332 libmupdf-dev_0.9-2+deb7u1_amd64.deb de596200a3db17f28c3a54035be16ae61805fc05b898e133dd77a2c2537d20d4 3149712 mupdf_0.9-2+deb7u1_amd64.deb 8bc12a79793bdbeb8337229aff7aecf92e7cc2ceebde4d891bfad310ce2bef02 3426540 mupdf-tools_0.9-2+deb7u1_amd64.deb Files: 544961c6667a8e1f54b9dfd6cd13ea4d 2028 text optional mupdf_0.9-2+deb7u1.dsc 76640ee16a797a27fe49cc0eaa87ce3a 3917075 text optional mupdf_0.9.orig.tar.gz 65030eb0a067b4af07b592344422f9cb 11042 text optional mupdf_0.9-2+deb7u1.debian.tar.gz 48f4403198a98e58686bb9a06dd1d095 3226332 libdevel optional libmupdf-dev_0.9-2+deb7u1_amd64.deb 8d5e7f5ac00bb62d73f5062169105c43 3149712 text optional mupdf_0.9-2+deb7u1_amd64.deb 0aa04f429a7bd3a25570d9e49d1edf39 3426540 text optional mupdf-tools_0.9-2+deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJTjnPzAAoJEAo5NUq25X3hftsP/3/QGlhA2tmQqKachUQBi7zh MwfLKMkMI4DVpFpKfyYwOrBHFIZKKAlgM52ll4Um5hqCKFRwcqOiRiJ0D5nb6ZGZ osCuvv83sdQBfhnpXynof7D5g2zWVcologwf5J7lrPaJSArogz7uU6E3iXy0sXn5 1xVa+v8O4LAs2fFqzCzWIXnwwXwrb9DxcVFqhjjek6RVtCX07I24JftDc+rQP4Mi 1Rai51tgZqFsfV8QEBBo08YdiWtNVIvhy8bVVKSuV0MhI0cq8jdSAmKBDi3Zdepy jgNp0ODBDXRspOWsi5O2RUPEVEk7KSBdgCEf/z+G15KoVnfWVWLQnk3PJ+ozFXYK tzOW4HaWeMYxU1rlTlyDJFVZjiuFNk3vx79jdZI9ZSw7Juc4tTRHH1mNXt9hV+bs nGWcN3yVuUuw+2ck2BtVuuKOfRxSSwuj5ktnLjMWOef3QPM/eFIYBhbAEL+Md3dR S7/f9worQrhKt3U0nzrctyfUmtH8mI4w9uEvcZsuyyvFhRQmpkQY4awslW7TUQEC NuGD4KET1enkJnCzlEQQlCzY6UI+GHsh7QlOHC3TNG7ZzJY6IVIxVYaTEEFjd+/c OMzG/cUUYyrin9yGGLiW4Bqn7qdiJV1Vnsj3If/9/3aEzJxJ5vCQxQb4PT8OdLvf KBSFATcf4luJwYHgjheN =dE/V -----END PGP SIGNATURE-----
--- End Message ---
