-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4006-2 security@xxxxxxxxxx https://www.debian.org/security/ November 10, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mupdf CVE ID : CVE-2017-15587 Debian Bug : 879055 It was discovered that the original patch applied for CVE-2017-15587 in DSA-4006-1 was incomplete. Updated packages are now available to address this problem. For reference, the relevant part of the original advisory text follows. CVE-2017-15587 Terry Chia and Jeremy Heng discovered an integer overflow that can cause arbitrary code execution via a crafted .pdf file. For the oldstable distribution (jessie), this problem has been fixed in version 1.5-1+deb8u3. For the stable distribution (stretch), this problem have been fixed in version 1.9a+ds1-4+deb9u2. We recommend that you upgrade your mupdf packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAloGD7UACgkQbsLe9o/+ N3SHXw//XanAOryOk4TuF8kEFZ3/TPdryr/64h9e9h6JC5Ro0BHX5687agJ+aDwW D1gBgULOsdwZqppRpnT8bcIJmb9KUQPhfbeeQyhkDA7DzpAZRZunpg+Wlbe+saGA ifrZss3y5Ys1w1PJOTOJxwKfWdwHDVwa4Z5Tj18zNBGKLM7LI9bbQ7evcKMob3rB /SsWz0/R+GKZR5M18/0+YKIVllIH0eQI4ZCGu3FkP3oEwbdidtJP1rdc4sZWRmCk NnJw7cotwNmAKlMUCapzK4BMEqMRmT+3eHi+UcIfh2MxDG3ecGF+Ev4Ok3H12FwG 4c3QJFaOMItMbl8U+Av7T6IwIHFPYJoCHEUekiNFIy0U7pLimE53dpZvcLM2Is9d lqDN203nqio1znTPemafqFDCD6E+m8DDegkvAkZ/XDPuTikr4Zlp9NXsq3R54V5l K3LjPhR7HEtu5YbhSHdnZ5Tj1WU765PTXhmu/off4GuKJV/1fRAsZ54fkPtlew0f 0Qj3pabBFNcElB2b81xjVEMHP8WdYyEoUASRUnGdbsZxEmx39ZI0j2Zu6kHJIhTO hwhSUUmx98qBE6pq+97mXoiD4cBOqE309ycDaRWxWq16bBh7u04bv002ROZLqIrg WY0zre1W4BQuSj7GzO1BMzNBdyuoXu0GgQ5yslgy8TkIb/BbHuU= =gE7H -----END PGP SIGNATURE-----