-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 14 Mar 2021 16:31:07 +0530 Source: mupdf Binary: libmupdf-dev mupdf mupdf-tools Architecture: source amd64 Version: 1.9a+ds1-4+deb9u7 Distribution: stretch-security Urgency: high Maintainer: Kan-Ru Chen (陳侃如) <koster@debian.org> Changed-By: Utkarsh Gupta <utkarsh@debian.org> Description: libmupdf-dev - development files for the MuPDF viewer mupdf - lightweight PDF viewer mupdf-tools - command line tools for the MuPDF viewer Changes: mupdf (1.9a+ds1-4+deb9u7) stretch-security; urgency=high . * Non-maintainer upload by the LTS team. - Thanks to Mark Wooding for the report and the patch. * Fix CVE-2020-26519 correctly. - Check that the factors actually involved in the multiplication can be multiplied safely. The incorrect change from `pix->n' to `pix->h' was inappropriately backported from upstream (where it was correct due to other upstream changes to this code), which (a) fails to guard the vulnerable multiplication correctly, and (b) causes a fatal divide-by-zero exception when confronted with a zero-height image -- a circumstance which occurs quite commonly, e.g., in the result of man -Tpdf false on Debian. Checksums-Sha1: 11379d009b36faebce077118ad0a814d169abd2b 2210 mupdf_1.9a+ds1-4+deb9u7.dsc 2699c33ddc8f33819cd0791f3762a3a268873286 13325139 mupdf_1.9a+ds1.orig.tar.gz d71dba369506e8c5b1abe7d3b80daa92037e9c1d 40220 mupdf_1.9a+ds1-4+deb9u7.debian.tar.xz ba2069c541813ef5330c6e9f328e6618a3036a4a 7304994 libmupdf-dev_1.9a+ds1-4+deb9u7_amd64.deb b958965242c9119aa3b35ca068f54fdb2663196d 2137334 mupdf-dbgsym_1.9a+ds1-4+deb9u7_amd64.deb 66c06c1a5a97116922f0a867efa4c71b865d2192 2394118 mupdf-tools-dbgsym_1.9a+ds1-4+deb9u7_amd64.deb 3ff830337ad3543e7d18015e4801700a09f4445b 6911718 mupdf-tools_1.9a+ds1-4+deb9u7_amd64.deb a7174009044f1fed10d8e12ada054a6649bb3e41 9036 mupdf_1.9a+ds1-4+deb9u7_amd64.buildinfo c868a34cc51fe46f3cbfd86a8b9d0652ffaf9903 6855104 mupdf_1.9a+ds1-4+deb9u7_amd64.deb Checksums-Sha256: 76d56f14331f8c88e5525b2da3c7b26b7656f2411135f531afaeceaaca171131 2210 mupdf_1.9a+ds1-4+deb9u7.dsc 1b5d6126472f99ae2c99f1b474169b752764d63a90d3dd6e6a6f8fac8cdd0b75 13325139 mupdf_1.9a+ds1.orig.tar.gz 00940e22ee03a03a370541ffe5f6e150d7f87cf3822bfe4ddc1b70bab87caefb 40220 mupdf_1.9a+ds1-4+deb9u7.debian.tar.xz 430bb474e8c7277ae0d0e812e669b6330c7f701f7b8b113d8f608751eeef76cf 7304994 libmupdf-dev_1.9a+ds1-4+deb9u7_amd64.deb e9c233e4cfb2ed95b4494d71ecf07f9a25f868da57d1d243e71affefd8ba881d 2137334 mupdf-dbgsym_1.9a+ds1-4+deb9u7_amd64.deb 55ddec3026d9c7cd4169152be271cdc6dd57888545fd5f0dad1e040f208545f5 2394118 mupdf-tools-dbgsym_1.9a+ds1-4+deb9u7_amd64.deb 711c7e5676e1d217d77d14f87f55e48faf1d256dc5dcf9b2993b038fad287259 6911718 mupdf-tools_1.9a+ds1-4+deb9u7_amd64.deb b8f57ec4a97daf00d83782eb9b3e9f0d0d784cead203e3baa09cd757d29e0cf9 9036 mupdf_1.9a+ds1-4+deb9u7_amd64.buildinfo 03e925d91adae2da5931bee63b042b4133ff69a7279f7f280b09bb7eeaaf589c 6855104 mupdf_1.9a+ds1-4+deb9u7_amd64.deb Files: 1e1098f3b12f811ec1910c62e6fb5cfc 2210 text optional mupdf_1.9a+ds1-4+deb9u7.dsc 62e41e176d501171476cf4f6a03d8306 13325139 text optional mupdf_1.9a+ds1.orig.tar.gz 7609fc43de60c4d4226c472f125b8bb3 40220 text optional mupdf_1.9a+ds1-4+deb9u7.debian.tar.xz a61775fca86a21fab46c02b04bbbcb4a 7304994 libdevel optional libmupdf-dev_1.9a+ds1-4+deb9u7_amd64.deb 3acf2edcbc37baf7f8ee60c0d6ae14a3 2137334 debug extra mupdf-dbgsym_1.9a+ds1-4+deb9u7_amd64.deb acc526b72968eb6e249c99da8fd1ee84 2394118 debug extra mupdf-tools-dbgsym_1.9a+ds1-4+deb9u7_amd64.deb 839d1e58cdc181efbc977196bfab48a4 6911718 text optional mupdf-tools_1.9a+ds1-4+deb9u7_amd64.deb 7f38415f2f9c70de6d77fa7637ac95c0 9036 text optional mupdf_1.9a+ds1-4+deb9u7_amd64.buildinfo 28c4773a6e9c96320901df8f5ad9480e 6855104 text optional mupdf_1.9a+ds1-4+deb9u7_amd64.deb -----BEGIN PGP SIGNATURE----- iQJHBAEBCAAxFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmBN7c0THHV0a2Fyc2hA ZGViaWFuLm9yZwAKCRCCPpZ2BsNLliMxD/9/TnepAFH5m6fbPW1h5npvtLclX5AA c7zU0KdCjDQI4a22rVdwuDqBonB0Gk4nJkJBRsSv04L8VrFZ2vNRg1NtmE9BElms ggSesGuWvW5YvD6mTp2HKrtO+3YdaMzdAvNSGAh/WFKBj279735YJuLilYKHLIQb RjgOkeHQMpDpB+g1q5DAUmbYEy/32ohXlwSmRdia+ZrVqbzLK2qY4IGZE1oFh661 Mljt7kjq+ugygXFzKCbITGzbEeh6kjC1wyDmNxUEQic1DJVf0bbYXFAaTWqa3+Bd FCUQOSLfV1hFXN8cA/J5P8OAgztvdMGTqwevwkRJCIU/Vq6l3RYl38+yobqddbp8 U/16lhH1e1lxW6vVRnXevcZOXrLqaVkINJcnTKvuQ56YT+R0c3h2Ubqm845PnVuB FZEIHMFVVPASB79MY41Tog+S5L8pxxxHLs3Bkkgbl9eDaHA8g1s5FKhChdGrZV14 xA/T102nyz7IHljZpGuBlVfaf8eJRwce8vnTwuahbXEU1tNsD/NOazH6yHOJSjxy Pf2/Hx/T8YnQmXCtuqzQIwbzZktahON4hSdJ2ey3KpaMltYJG2u+h2jQYtHEbl0J 6LHi2mVY4e4Vk/5AFjYQMBA0beXU+AcIaQfwxPZV+QchaKwzyQvIkbie+wW5N+71 BfQfUzWbqZxgcg== =nmvn -----END PGP SIGNATURE-----