[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1164-1] mupdf security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : mupdf
Version        : 0.9-2+deb7u4
CVE ID         : CVE-2017-14687 CVE-2017-15587
Debian Bug     : 877379 879055

Two security issues were discovered in mupdf, a lightweight PDF viewer.

CVE-2017-14687
    MuPDF allows attackers to cause a denial of service or possibly have
    unspecified other impact via a crafted .xps file. This occurs
    because of mishandling of XML tag name comparisons.

CVE-2017-15587
    An integer overflow was discovered in pdf_read_new_xref_section in
    pdf/pdf-xref.c

For Debian 7 "Wheezy", these problems have been fixed in version
0.9-2+deb7u4.

We recommend that you upgrade your mupdf packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloBsm9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQFXhAAy1wmJw4IlE/DuGvNNdOW2f2Qynm3e8oTNwqutV1zphxYaCTo45A5K2k2
NjFEPsPHHn/wTZ2UUy7A6p6ecbSrOZT3NHIUGP/0xBLRw+aqCoJilWVxKKsI3fBK
XLHDocrbMT6SrgtOtQsviLwzCU+g9TXaUZJJD3XQXSmPbaZV1n+Q3d8LxIWRdbxr
Yvl7S5PVZonJeSJq3Yu+R4jfhgy7KHELjLoUw337o2iL7Xwn5s29mvz3k415WyLg
qqpH9W3YW0eavwqzN6r/Ejx9hen+XMz75hNVMHtaJ4CksDKB/KlShQSm65o8S3M0
VT6OrWL8DOplVw+2dSWAp8ytUNCYf9ocBfrXovF1PHeo+FpRcN36MboNl0UiqmXL
eUwySIJbRhgMPgdifqzcN6xdmQGmAfypEEkWQT8ZRNQ+y82t2EQM96MI6EhzLqcc
E/mZeHSzmgQ9XLrvCHInKb1bVb9FjE+kBpT8EpL19FJRdxGsRDTY8St8H+gSZlKu
HILyKoVF8xBoIl+VcB/TwhKKqrgPWOhqxQHxWkOr+5dXfXvYxfa1bEiMeakMEHie
+yjiiwKXBG7TxQTghcB6/DIB1C5mMWvoUbGVzpqcpgrXdnkPFrJEtFQc4AMfVZl0
unqQFa7/ki4ziaWNCWk/xwN6sH7wmGLRqNk0lmqdRcmaGbznqhY=
=Di+X
-----END PGP SIGNATURE-----


Reply to: