-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 23 Sep 2021 20:20:04 +0200 Source: mupdf Architecture: source Version: 1.14.0+ds1-4+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Kan-Ru Chen (陳侃如) <koster@debian.org> Changed-By: Anton Gladky <gladk@debian.org> Changes: mupdf (1.14.0+ds1-4+deb9u1) stretch-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * Import newer upstream version from buster. Fixes: CVE-2018-1000036 CVE-2018-10289 CVE-2017-6060 CVE-2016-10247 CVE-2016-10246 * Fix CVE-2020-19609: heap based buffer over-write in tiff_expand_colormap() function Checksums-Sha1: 74577216908054fd76077e00cb2b3d3df81a1197 2196 mupdf_1.14.0+ds1-4+deb9u1.dsc 2321618e56a908cfa3444f019f805d688d9fa127 24348296 mupdf_1.14.0+ds1.orig.tar.xz 527150a580a8dd1861b4d8ab0aee54dcd249d634 35188 mupdf_1.14.0+ds1-4+deb9u1.debian.tar.xz b72e29852c3c6aa5ea935b6c1f46099963be5042 6972 mupdf_1.14.0+ds1-4+deb9u1_source.buildinfo Checksums-Sha256: ba96cabded284d1d44b1e40696fba7c9a55fb4173b7a755582ec7afc48edb791 2196 mupdf_1.14.0+ds1-4+deb9u1.dsc 289b4f5cb4ffa2f4c9ca67fda5a48deb9615f2ca51f276b5fd9318b62329cc93 24348296 mupdf_1.14.0+ds1.orig.tar.xz 8409b541456cc2ee27902b6f79d1fcc1cc72213e7864cc4034216be5ab3677db 35188 mupdf_1.14.0+ds1-4+deb9u1.debian.tar.xz 9b65193856ed1e0905132b848172b7edfe90d898f6042d2c5d12a2fa7a9befd3 6972 mupdf_1.14.0+ds1-4+deb9u1_source.buildinfo Files: 9eb643b38e9ac2db3ec3cbf989845f0f 2196 text optional mupdf_1.14.0+ds1-4+deb9u1.dsc 10b771cd3389a4e0b8a0deceb5254e96 24348296 text optional mupdf_1.14.0+ds1.orig.tar.xz e9f2d37366fb2281344325a9adbeada9 35188 text optional mupdf_1.14.0+ds1-4+deb9u1.debian.tar.xz facb5c456f63b385ce60d11ed9b5cd10 6972 text optional mupdf_1.14.0+ds1-4+deb9u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmFMxdEACgkQ0+Fzg8+n /wbBGA//efL9sfyuESMgVsvlg7FqInohERclHcoId9O0NWcRUxgjnKBIemRW/xLq 3lOGE1lXfxv790JteddEmqQbC6JNZfR/SUArbA8Nm/SsXCjJgUoshHkuJla9tkRC 6Whx361VvGgqa5/b4+ZNzGl+2m/TrPk7t9OpGdZtat5nbbzjoLWTt4NWqaUb8TJy VMFkuLHGxSNuHWHk6sPCTC6lBZ8BAYcJPLKbRB6XJ+Jjk5QXQo+csriG6tnnaEAz 2maJaXxZp9gSceydxCfXCiggHJtvraXwwvzLExKqWFpslNgqeP37RtuszLU9fO2x n38F2o1PmDT9JEfyFbE4ZutP/FXMvAtVwOLN5fdZjnI+7P8EEc8bIhRBQeDcSI4c SF+zg9P8m7hPGVy2jnWPmNIIICXjTfo7zpuwqrBIN5lqHPBxqkWdea31Mf6DTVyo /2DNW12c//SW0EMvKSrtpyjo9R5X+vbFblXZ/Vo07dk2EAnONEC1pbAUo4Z/03nO 6L5hgYd/cRbrJ+JjdM+n+frQdlnIVpOJJEYg24JQn5J87fhEUT3RbeoQf87Ci/MJ 66dzEETXRhMEtizY5DjPlKGlJ7RJRYwzAoRvnnw2/WSd8hKxu5Ep/oGv18SAYrkW PmnOeTOYI6IRECHNIx7nyHtoAyYGyPnP924QodGdP/LcGJyRkUg= =R8Tf -----END PGP SIGNATURE-----