mupdf - Debian Package Tracker

general

source: mupdf (main)
version: 1.25.1+ds1-9
maintainer: Kan-Ru Chen (陳侃如) (DMD)
uploaders: Daniel Echeverri [DMD]
arch: any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.17.0+ds1-2
o-o-sec: 1.17.0+ds1-2+deb11u1
oldstable: 1.21.1+ds2-1
stable: 1.25.1+ds1-6
testing: 1.25.1+ds1-7
unstable: 1.25.1+ds1-9

versioned links

1.17.0+ds1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.17.0+ds1-2+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.21.1+ds2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.25.1+ds1-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.25.1+ds1-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.25.1+ds1-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmupdf-dev
libmupdf25.1
mupdf (23 bugs: 0, 14, 9, 0)
mupdf-tools (2 bugs: 0, 2, 0, 0)
python3-mupdf (1 bugs: 1, 0, 0, 0)

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch source
  https://mupdf.com/releases/

Created: 2025-11-26 Last update: 2025-12-26 05:00

Marked for autoremoval on 08 January: #1121388 high

Version 1.25.1+ds1-7 of mupdf is marked for autoremoval from testing on Thu 08 Jan 2026. It is affected by #1121388. The removal of mupdf will also cause the removal of (transitive) reverse dependencies: apvlv, img2pdf, impressive, impressive-display, ippsample, k2pdfopt, krop, pdf2docx, plakativ, pymupdf, sioyek. You should try to prevent the removal by fixing these RC bugs.

Created: 2025-12-02 Last update: 2025-12-26 04:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-55780: A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.

Created: 2025-09-24 Last update: 2025-10-27 01:31

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-55780: A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.

Created: 2025-09-24 Last update: 2025-10-27 01:31

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2025-11-01 Last update: 2025-12-26 04:30

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-12-26 04:02

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.27.0+ds1-1, distribution experimental) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 94876f8607c6bdf9875a6f2408569b8c58563f07
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Thu Dec 18 23:47:13 2025 -0500

    Add arch-specific symbol tags for i386/amd64 ABI differences

commit 71af654e6de2d74d35799d2db6d8f88cdc8627b3
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Thu Dec 18 23:45:03 2025 -0500

    Add missing hardening flags in Python SWIG compilation step

commit 29c30ecc1614907670350dc95e8e26beab559a8c
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Thu Dec 18 17:23:55 2025 -0500

    Add fonts-noto-ui-core in B-D

commit 6c6ec1b7b64c8e1481ab07cc8502ffa60a858710
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Wed Dec 17 01:40:20 2025 -0500

    Rename libmupdf25.1.install to libmupdf27.0.install

commit 0a36d4dbbe800c6c363d44277e823d3cfabca725
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Wed Dec 17 01:39:44 2025 -0500

    update clean file

commit 4c5a94bb50d110342b13d642380ee769d6ae8d9a
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Wed Dec 17 01:39:06 2025 -0500

    Remove old symbols file

commit 1e82493264becf2ef15eaab4bda4f743e4640a3e
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Wed Dec 17 01:37:13 2025 -0500

    update changelog file

commit 2c8da706876312e977144403287faf441f0ff27a
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Wed Dec 17 01:35:42 2025 -0500

    Force libmujs-dev (>= 1.3.8)

commit ab6908c66279dd9c62c022ad8014e26c4385f6ef
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Wed Dec 17 01:35:13 2025 -0500

    Add new symbols

commit f4218ecde92f169e44a1bad1b518453d078b6812
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Wed Dec 17 01:32:16 2025 -0500

    add override_dh_clean to remove resources/fonts/urw/input/*.t1 except NimbusBoxes.t1

commit 198767ab857ba23e7d27b5bcf1c6fa4719df3eaa
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 22:30:58 2025 -0500

    Fix groff errors in mutool manpage

commit bae32f896657ea8af4eabf531b9fb62b62b78f78
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 22:25:28 2025 -0500

    Remove unavailable and unwanted Sphinx extensions

commit 04ac800dea565f63c34d16e5a46d549886f06dbd
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 22:25:02 2025 -0500

    Exclude Noto fonts not available in Debian packages

commit 424d83f1cb84a93c9fd9b49d8ab09b304d639523
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 22:01:32 2025 -0500

    Inline mujs regexp definitions to build against system libmujs

commit 78b68c08f9129aa85fd7f2d1e5763a1526b286de
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 21:45:18 2025 -0500

    Provide muraster doc from debian/ since upstream no longer ships it

commit 1c119770cd164fa8d55cfc33ded5510dbc422806
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 21:42:49 2025 -0500

    Adjust install paths for relocated muraster binary

commit fe1b4b47e9193648cd4d8c276fb4d4c1771f6d89
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 21:38:01 2025 -0500

    Rename lib package to libmupdf27.0 for new soname

commit 3edcb7372330b7563d2c87af1ab2ac50c41da5fa
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 21:35:37 2025 -0500

    Disable parallel builds to avoid build issues

commit e4535acb1b164aa5f78953a4a412abd996b006eb
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 21:31:28 2025 -0500

    update clean file

commit 3b5702f5c9654bbb6ec97c5f339ff01700935f9a
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 21:31:04 2025 -0500

    Refresh other patches

commit 099d59e1ea2f8b46c1e566e1acd82f37d20df464
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 21:30:42 2025 -0500

    Remove patches, merge with upstream

commit 05f2df19fbe3e3746f3c28d199d9a61899849bf7
Merge: 82abfe4 6786ac8
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 20:50:13 2025 -0500

    Update upstream source from tag 'upstream/1.27.0+ds1'
    
    Update to upstream version '1.27.0+ds1'
    with Debian dir 4332b3aec35a9d9b7ea94db1f5718298efe634b8

commit 6786ac8c0cab4d8ce4822b51b3c2e13d832e3230
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 20:50:03 2025 -0500

    New upstream version 1.27.0+ds1

commit 82abfe4223628364a1d1cf1a62b60d847c8de513
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 20:48:46 2025 -0500

    update watch file to fetch urls correctly

commit 512065d2e3bb76db2a1a2945ae2ac92a81603f2b
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Tue Dec 16 20:48:05 2025 -0500

    Add new entries in Files-Excluded, we use debian system libraries

commit 0c9f8e9d25e8e007958ad0bf5f0589072043d703
Merge: 4f4bb09 474ed32
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Mon Dec 16 20:05:30 2024 +0000

    Merge branch 'upstream' into 'upstream'
    
    New upstream version 1.25.1+ds1
    
    See merge request debian/mupdf!10

commit 474ed32154a4b871dc74ff30874a228f3bc66131
Author: Daniel Echeverri <epsilon@debian.org>
Date:   Sat Dec 7 15:21:17 2024 -0500

    New upstream version 1.25.1+ds1

Created: 2025-12-17 Last update: 2025-12-26 03:01

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

libmupdf25.1 could be marked Multi-Arch: same

Created: 2025-10-28 Last update: 2025-12-26 00:30

debian/patches: 10 patches to forward upstream low

Among the 12 debian patches available in version 1.25.1+ds1-9 of the package, we noticed the following issues:

10 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-10-27 10:02

2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:

CVE-2025-46206: (needs triaging) An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion
CVE-2025-55780: (needs triaging) A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-08-09 Last update: 2025-10-27 01:31

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2025-46206: (needs triaging) An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion
CVE-2025-55780: (needs triaging) A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-08-04 Last update: 2025-10-27 01:31

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.7.2).

Created: 2025-12-23 Last update: 2025-12-23 20:00

testing migrations

excuses:
- Migration status for mupdf (1.25.1+ds1-7 to 1.25.1+ds1-9): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Updating mupdf would introduce bugs in testing: #1119022, #1122041, #1123406
- ∙ ∙ Autopkgtest for pymupdf/1.25.4+ds1-4: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻), riscv64: Regression ♻ (reference ♻), s390x: Regression ♻ (reference ♻)
- Additional info (not blocking):
- ∙ ∙ Updating mupdf will fix bugs in testing: #1121388
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/m/mupdf.html
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ 60 days old (needed 5 days)
- Not considered

news

[rss feed]

[2025-10-26] Accepted mupdf 1.25.1+ds1-9 (source) into unstable (Daniel Echeverri) (signed by: Daniel Echeverry)
[2025-10-25] Accepted mupdf 1.25.1+ds1-8 (source) into unstable (Daniel Echeverri) (signed by: Daniel Echeverry)
[2025-09-23] mupdf 1.25.1+ds1-7 MIGRATED to testing (Debian testing watch)
[2025-08-22] Accepted mupdf 1.17.0+ds1-2+deb11u1 (source) into oldoldstable-security (Chris Lamb)
[2025-08-07] Accepted mupdf 1.25.1+ds1-7 (source) into unstable (Kan-Ru Chen (陳侃如)) (signed by: Kan-Ru Chen)
[2025-05-02] mupdf 1.25.1+ds1-6 MIGRATED to testing (Debian testing watch)
[2025-04-22] Accepted mupdf 1.25.1+ds1-6 (source) into unstable (Daniel Echeverri) (signed by: Daniel Echeverry)
[2025-02-14] mupdf 1.25.1+ds1-5 MIGRATED to testing (Debian testing watch)
[2025-01-11] Accepted mupdf 1.25.1+ds1-5 (source) into unstable (Daniel Echeverri) (signed by: Daniel Echeverry)
[2025-01-07] Accepted mupdf 1.25.1+ds1-4 (source amd64) into experimental (Debian FTP Masters) (signed by: Daniel Echeverry)
[2025-01-02] Accepted mupdf 1.25.1+ds1-3 (source) into experimental (Daniel Echeverri) (signed by: Daniel Echeverry)
[2024-12-31] Accepted mupdf 1.25.1+ds1-2 (source) into experimental (Daniel Echeverri) (signed by: Daniel Echeverry)
[2024-12-21] Accepted mupdf 1.25.1+ds1-1 (source amd64) into experimental (Debian FTP Masters) (signed by: Daniel Echeverry)
[2024-10-16] mupdf 1.24.10+ds1-1 MIGRATED to testing (Debian testing watch)
[2024-10-11] Accepted mupdf 1.24.10+ds1-1 (source) into unstable (Daniel Echeverri) (signed by: Daniel Echeverry)
[2024-10-05] mupdf 1.24.9+ds1-1 MIGRATED to testing (Debian testing watch)
[2024-09-29] Accepted mupdf 1.24.9+ds1-1 (source) into unstable (Daniel Echeverri) (signed by: Daniel Echeverry)
[2024-09-01] mupdf 1.24.8+ds2-2 MIGRATED to testing (Debian testing watch)
[2024-08-27] Accepted mupdf 1.24.8+ds2-2 (source amd64) into unstable (Kan-Ru Chen (陳侃如)) (signed by: Kan-Ru Chen)
[2024-08-23] Accepted mupdf 1.24.8+ds2-1 (source) into unstable (Kan-Ru Chen (陳侃如)) (signed by: Kan-Ru Chen)
[2024-06-30] mupdf 1.24.3+ds1-1 MIGRATED to testing (Debian testing watch)
[2024-06-17] Accepted mupdf 1.24.3+ds1-1 (source) into unstable (Kan-Ru Chen (陳侃如)) (signed by: Kan-Ru Chen)
[2024-02-17] mupdf 1.23.10+ds1-1 MIGRATED to testing (Debian testing watch)
[2024-02-12] Accepted mupdf 1.23.10+ds1-2 (source amd64) into experimental (Debian FTP Masters) (signed by: Kan-Ru Chen)
[2024-02-12] Accepted mupdf 1.23.10+ds1-1 (source) into unstable (Kan-Ru Chen (陳侃如)) (signed by: Kan-Ru Chen)
[2023-12-10] mupdf 1.23.7+ds1-1 MIGRATED to testing (Debian testing watch)
[2023-12-10] mupdf 1.23.7+ds1-1 MIGRATED to testing (Debian testing watch)
[2023-12-04] Accepted mupdf 1.23.7+ds1-1 (source) into unstable (Bastian Germann) (signed by: bage@debian.org)
[2023-11-24] mupdf 1.23.6+ds1-1 MIGRATED to testing (Debian testing watch)
[2023-11-18] Accepted mupdf 1.23.6+ds1-1 (source) into unstable (Kan-Ru Chen (陳侃如)) (signed by: Kan-Ru Chen)

bugs [bug history graph]

all: 30
RC: 3
I&N: 18
M&W: 9
F&P: 0
patch: 2

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.25.1+ds1-7build1
9 bugs