CVE-2017-5896

Related Vulnerabilities: CVE-2017-5896, CVE-2017-5991, CVE-2016-8674

Debian Bug report logs - #854734
CVE-2017-5896

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 9 Feb 2017 22:51:02 UTC

Severity: grave

Tags: security, upstream

Fixed in versions mupdf/1.9a+ds1-3, mupdf/1.5-1+deb8u2

Done: Kan-Ru Chen (陳侃如) <koster@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugs.ghostscript.com/show_bug.cgi?id=69751


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Kan-Ru Chen (陳侃如) <koster@debian.org>:
Bug#854734; Package src:mupdf. (Thu, 09 Feb 2017 22:51:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Kan-Ru Chen (陳侃如) <koster@debian.org>. (Thu, 09 Feb 2017 22:51:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2017-5896
Date: Thu, 09 Feb 2017 23:46:47 +0100
Source: mupdf
Severity: grave
Tags: security

Please see http://seclists.org/oss-sec/2017/q1/322

Cheers,
        Moritz



Set Bug forwarded-to-address to 'https://bugs.ghostscript.com/show_bug.cgi?id=69751'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 14 Feb 2017 10:18:06 GMT)


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 14 Feb 2017 10:18:08 GMT)


Reply sent to Kan-Ru Chen (陳侃如) <koster@debian.org>:
You have taken responsibility. (Thu, 16 Feb 2017 16:51:03 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 16 Feb 2017 16:51:03 GMT)


Message #14 received at 854734-close@bugs.debian.org:

From: Kan-Ru Chen (陳侃如) <koster@debian.org>
To: 854734-close@bugs.debian.org
Subject: Bug#854734: fixed in mupdf 1.9a+ds1-3
Date: Thu, 16 Feb 2017 16:48:43 +0000
Source: mupdf
Source-Version: 1.9a+ds1-3

We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 854734@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kan-Ru Chen (陳侃如) <koster@debian.org> (supplier of updated mupdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 16 Feb 2017 23:43:55 +0800
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source amd64
Version: 1.9a+ds1-3
Distribution: unstable
Urgency: high
Maintainer: Kan-Ru Chen (陳侃如) <koster@debian.org>
Changed-By: Kan-Ru Chen (陳侃如) <koster@debian.org>
Description:
 libmupdf-dev - development files for the MuPDF viewer
 mupdf      - lightweight PDF viewer
 mupdf-tools - command line tools for the MuPDF viewer
Closes: 854734
Changes:
 mupdf (1.9a+ds1-3) unstable; urgency=high
 .
   * CVE-2017-5896: use-after-free in fz_subsample_pixmap()  (Closes: #854734)
   * CVE-2017-5991: NULL pointer dereference in pdf_run_xobject()




Reply sent to Kan-Ru Chen (陳侃如) <koster@debian.org>:
You have taken responsibility. (Thu, 09 Mar 2017 23:24:07 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 09 Mar 2017 23:24:07 GMT)


Message #19 received at 854734-close@bugs.debian.org:

From: Kan-Ru Chen (陳侃如) <koster@debian.org>
To: 854734-close@bugs.debian.org
Subject: Bug#854734: fixed in mupdf 1.5-1+deb8u2
Date: Thu, 09 Mar 2017 23:20:39 +0000
Source: mupdf
Source-Version: 1.5-1+deb8u2

We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 854734@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kan-Ru Chen (陳侃如) <koster@debian.org> (supplier of updated mupdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 18 Feb 2017 01:06:01 +0800
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source amd64
Version: 1.5-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Kan-Ru Chen (陳侃如) <koster@debian.org>
Changed-By: Kan-Ru Chen (陳侃如) <koster@debian.org>
Description:
 libmupdf-dev - development files for the MuPDF viewer
 mupdf      - lightweight PDF viewer
 mupdf-tools - command line tools for the MuPDF viewer
Closes: 840957 854734
Changes:
 mupdf (1.5-1+deb8u2) jessie-security; urgency=high
 .
   * CVE-2016-8674: heap-use-after-free in pdf_to_num (pdf-object.c) (Closes: #840957)
   * CVE-2017-5896: use-after-free in fz_subsample_pixmap()  (Closes: #854734)
   * CVE-2017-5991: NULL pointer dereference in pdf_run_xobject()




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 07 May 2017 07:27:42 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:24:26 2019; Machine Name: buxtehude
