Accepted mupdf 1.9a+ds1-4+deb9u7 (source amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 14 Mar 2021 16:31:07 +0530
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source amd64
Version: 1.9a+ds1-4+deb9u7
Distribution: stretch-security
Urgency: high
Maintainer: Kan-Ru Chen (陳侃如) <koster@debian.org>
Changed-By: Utkarsh Gupta <utkarsh@debian.org>
Description:
libmupdf-dev - development files for the MuPDF viewer
mupdf - lightweight PDF viewer
mupdf-tools - command line tools for the MuPDF viewer
Changes:
mupdf (1.9a+ds1-4+deb9u7) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS team.
- Thanks to Mark Wooding for the report and the patch.
* Fix CVE-2020-26519 correctly.
- Check that the factors actually involved in the multiplication
can be multiplied safely. The incorrect change from `pix->n' to
`pix->h' was inappropriately backported from upstream (where it
was correct due to other upstream changes to this code), which
(a) fails to guard the vulnerable multiplication correctly, and
(b) causes a fatal divide-by-zero exception when confronted with
a zero-height image -- a circumstance which occurs quite commonly,
e.g., in the result of
man -Tpdf false
on Debian.
Checksums-Sha1:
11379d009b36faebce077118ad0a814d169abd2b 2210 mupdf_1.9a+ds1-4+deb9u7.dsc
2699c33ddc8f33819cd0791f3762a3a268873286 13325139 mupdf_1.9a+ds1.orig.tar.gz
d71dba369506e8c5b1abe7d3b80daa92037e9c1d 40220 mupdf_1.9a+ds1-4+deb9u7.debian.tar.xz
ba2069c541813ef5330c6e9f328e6618a3036a4a 7304994 libmupdf-dev_1.9a+ds1-4+deb9u7_amd64.deb
b958965242c9119aa3b35ca068f54fdb2663196d 2137334 mupdf-dbgsym_1.9a+ds1-4+deb9u7_amd64.deb
66c06c1a5a97116922f0a867efa4c71b865d2192 2394118 mupdf-tools-dbgsym_1.9a+ds1-4+deb9u7_amd64.deb
3ff830337ad3543e7d18015e4801700a09f4445b 6911718 mupdf-tools_1.9a+ds1-4+deb9u7_amd64.deb
a7174009044f1fed10d8e12ada054a6649bb3e41 9036 mupdf_1.9a+ds1-4+deb9u7_amd64.buildinfo
c868a34cc51fe46f3cbfd86a8b9d0652ffaf9903 6855104 mupdf_1.9a+ds1-4+deb9u7_amd64.deb
Checksums-Sha256:
76d56f14331f8c88e5525b2da3c7b26b7656f2411135f531afaeceaaca171131 2210 mupdf_1.9a+ds1-4+deb9u7.dsc
1b5d6126472f99ae2c99f1b474169b752764d63a90d3dd6e6a6f8fac8cdd0b75 13325139 mupdf_1.9a+ds1.orig.tar.gz
00940e22ee03a03a370541ffe5f6e150d7f87cf3822bfe4ddc1b70bab87caefb 40220 mupdf_1.9a+ds1-4+deb9u7.debian.tar.xz
430bb474e8c7277ae0d0e812e669b6330c7f701f7b8b113d8f608751eeef76cf 7304994 libmupdf-dev_1.9a+ds1-4+deb9u7_amd64.deb
e9c233e4cfb2ed95b4494d71ecf07f9a25f868da57d1d243e71affefd8ba881d 2137334 mupdf-dbgsym_1.9a+ds1-4+deb9u7_amd64.deb
55ddec3026d9c7cd4169152be271cdc6dd57888545fd5f0dad1e040f208545f5 2394118 mupdf-tools-dbgsym_1.9a+ds1-4+deb9u7_amd64.deb
711c7e5676e1d217d77d14f87f55e48faf1d256dc5dcf9b2993b038fad287259 6911718 mupdf-tools_1.9a+ds1-4+deb9u7_amd64.deb
b8f57ec4a97daf00d83782eb9b3e9f0d0d784cead203e3baa09cd757d29e0cf9 9036 mupdf_1.9a+ds1-4+deb9u7_amd64.buildinfo
03e925d91adae2da5931bee63b042b4133ff69a7279f7f280b09bb7eeaaf589c 6855104 mupdf_1.9a+ds1-4+deb9u7_amd64.deb
Files:
1e1098f3b12f811ec1910c62e6fb5cfc 2210 text optional mupdf_1.9a+ds1-4+deb9u7.dsc
62e41e176d501171476cf4f6a03d8306 13325139 text optional mupdf_1.9a+ds1.orig.tar.gz
7609fc43de60c4d4226c472f125b8bb3 40220 text optional mupdf_1.9a+ds1-4+deb9u7.debian.tar.xz
a61775fca86a21fab46c02b04bbbcb4a 7304994 libdevel optional libmupdf-dev_1.9a+ds1-4+deb9u7_amd64.deb
3acf2edcbc37baf7f8ee60c0d6ae14a3 2137334 debug extra mupdf-dbgsym_1.9a+ds1-4+deb9u7_amd64.deb
acc526b72968eb6e249c99da8fd1ee84 2394118 debug extra mupdf-tools-dbgsym_1.9a+ds1-4+deb9u7_amd64.deb
839d1e58cdc181efbc977196bfab48a4 6911718 text optional mupdf-tools_1.9a+ds1-4+deb9u7_amd64.deb
7f38415f2f9c70de6d77fa7637ac95c0 9036 text optional mupdf_1.9a+ds1-4+deb9u7_amd64.buildinfo
28c4773a6e9c96320901df8f5ad9480e 6855104 text optional mupdf_1.9a+ds1-4+deb9u7_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCAAxFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmBN7c0THHV0a2Fyc2hA
ZGViaWFuLm9yZwAKCRCCPpZ2BsNLliMxD/9/TnepAFH5m6fbPW1h5npvtLclX5AA
c7zU0KdCjDQI4a22rVdwuDqBonB0Gk4nJkJBRsSv04L8VrFZ2vNRg1NtmE9BElms
ggSesGuWvW5YvD6mTp2HKrtO+3YdaMzdAvNSGAh/WFKBj279735YJuLilYKHLIQb
RjgOkeHQMpDpB+g1q5DAUmbYEy/32ohXlwSmRdia+ZrVqbzLK2qY4IGZE1oFh661
Mljt7kjq+ugygXFzKCbITGzbEeh6kjC1wyDmNxUEQic1DJVf0bbYXFAaTWqa3+Bd
FCUQOSLfV1hFXN8cA/J5P8OAgztvdMGTqwevwkRJCIU/Vq6l3RYl38+yobqddbp8
U/16lhH1e1lxW6vVRnXevcZOXrLqaVkINJcnTKvuQ56YT+R0c3h2Ubqm845PnVuB
FZEIHMFVVPASB79MY41Tog+S5L8pxxxHLs3Bkkgbl9eDaHA8g1s5FKhChdGrZV14
xA/T102nyz7IHljZpGuBlVfaf8eJRwce8vnTwuahbXEU1tNsD/NOazH6yHOJSjxy
Pf2/Hx/T8YnQmXCtuqzQIwbzZktahON4hSdJ2ey3KpaMltYJG2u+h2jQYtHEbl0J
6LHi2mVY4e4Vk/5AFjYQMBA0beXU+AcIaQfwxPZV+QchaKwzyQvIkbie+wW5N+71
BfQfUzWbqZxgcg==
=nmvn
-----END PGP SIGNATURE-----