[SECURITY] [DLA 589-1] mupdf security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 589-1] mupdf security update
From: Jonas Meurer <mejo@debian.org>
Date: Mon, 8 Aug 2016 12:42:32 +0200
Message-id: <[🔎] 808e8b6d-8647-c8d8-f670-728891e9f3c6@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : mupdf
Version        : 0.9-2+deb7u3
CVE ID         : CVE-2016-6525
Debian Bug     : 833417

A flaw was discovered in the pdf_load_mesh_params() function allowing
out-of-bounds write access to memory locations. With carefully crafted
input, that could trigger a heap overflow, resulting in application
crash or possibly having other unspecified impact.

For Debian 7 "Wheezy", these problems have been fixed in version
0.9-2+deb7u3.

We recommend that you upgrade your mupdf packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXqGIYAAoJEBvzc5c7ZRqnuREP/R6L6QMe/WDWjVZmRpm/bB2p
dERyIwxrMSUe57V+cyYru1nVZ6uAvDGfGEsJz9IL1aNQc4EZGw9MA6GXQiynFnS+
wQtPNGEuLLXyA7lgH9A4DrCeiEFthNLADXe87GXqgflqY8+oyrGnDs2qjh6/dIzq
3Wh8a8FyYdM6zKgW77zrQFRrNGa4R2OD9wBhUNUFRdgR7BYdMrF3nw7llwGOC/Qj
/iW5Xuh++B7a1pEOscZ36hUnlav/8Trj4hliyg8c3C8hD38wojKjwdSguT42lh1U
nsgG8TvtEAQ9dEH7jC6J108MCgWLXYZ8iZ0FqwKZ6RpreBjjLB6vhQPDVcy8uESB
L5B/B/yFoaI3vJwhTR7WK9IHL/8LiQ4AhJeoHp4Wqtrrx9Hvu2QIu2Hft8usrQlx
cc/8CDvI0IZMkYfJmVNYwOUjOQ5qMd5WIyoNc285+8q1W74jswe6qoodM+gK1uLL
RjMYnHRJfALgjKv80fmQD/v8d7QmP65oKP2Xc/Jc6THu8aGTP0m1ym7HsIygVLQF
wgsImfOIy77Mg4AWA2t+pDsv6wgYgVtxSK1ucY3RuFXwV4ZVQy+ZXolMVttqS085
oc0aG3fVi85JAS882yP0+V15v5RMuzlDUFTG6DrHTPr/rlGAz20gyz9plzS5PMg0
2UwET3tP9FjQ7pLehLZe
=JloS
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 588-1] mongodb security update
Next by Date: [SECURITY] [DLA 590-1] python-django security update
Previous by thread: [SECURITY] [DLA 588-1] mongodb security update
Next by thread: [SECURITY] [DLA 590-1] python-django security update
Index(es):
- Date
- Thread