lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 4 Nov 2018 21:39:20 +0000
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4334-1] mupdf security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4334-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 04, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mupdf
CVE ID         : CVE-2017-17866 CVE-2018-5686 CVE-2018-6187 CVE-2018-6192 
                 CVE-2018-1000037 CVE-2018-1000040

Multiple vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book
viewer which could result in denial of service or the execution of
arbitrary code if malformed documents are opened.
	
For the stable distribution (stretch), these problems have been fixed in
version 1.9a+ds1-4+deb9u4.

We recommend that you upgrade your mupdf packages.

For the detailed security status of mupdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mupdf

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvfZTUACgkQEMKTtsN8
Tja0rw//RwBZDEq1mzdz/fkBd6bz/F7tgFD35FmFJLpBirVgsDCxGalBUVmcNA0z
e26I/vohg6DgRNulBnZB+6OcCPkIdSRm7kiA+3rLLwjye+epnrE9JTix6WbjC4Ca
GUgK0Smbu4mdCnLowzSucL6hLQkptx2NGsXLh+g8VgQ5Df6UI1zsNuxPif8U40nK
zDtaKO1ex2b97W4u9burN1lsyxcnIjV4PDJVHy3NVEFhlz69hoHI2Z3u0tCNsNeK
Ouyrjk7KgllWvYWCYzRpjKEzdtvOhuLfz9fdRW74uL+TXI4diOB4i3JZayzsd29F
2L+QzN3GqM8jmiHUmTqLvDoeJb3N9TIpE7JhSj9kIwEdpo7K4WR2rvjSTIEltKbY
6Smkp5wmWu0GV5Ogo6NNYEJOHCHDKRx7H4ngp1lA7D5zGe7AgxeRflRGxzrU/xo+
sc4eSpzFnF3Jz0LYJruZx2P37QXwG03HMNn5xNcwbWfB3cor1ehEup/hYZEpnmSo
1dphDlHYNnzDAeVQiCUK2TCkBnDSE5h1jZtprJom4S8T0gRnUQbogGF3IMResGU8
BrqwX+14VyZSe8Eib4Svphsd5ZjwsPOEKQyE4qhugF/ew7vUu8h8ItnBx35kjlFj
uaIzmo5LwPFx5KKqSffBVlaD+zbG+Jgg3kUvLyzO6/l2Xq8mFDk=
=Xd5e
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists