Bug 19603

Summary: mupdf new security issues (including CVE-2016-8674)
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Rémi Verschelde <rverschelde>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: marja11
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: mupdf-1.5-4.4.mga5.src.rpm CVE:
Status comment:

Description David Walser 2016-10-16 22:37:39 CEST 
A CVE has been assigned for a security issue fixed upstream in mupdf:
http://openwall.com/lists/oss-security/2016/10/16/8

A commit to fix it is linked in the message above.

There are also three CVE requests for issues fixed in mujstest (part of mupdf):
http://openwall.com/lists/oss-security/2016/10/16/19
http://openwall.com/lists/oss-security/2016/10/16/20
http://openwall.com/lists/oss-security/2016/10/16/21

There are links to upstream commits to fix those as well.
Comment 1 Marja Van Waes 2016-10-17 10:56:08 CEST 
Assigning to the registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => rverschelde

Comment 2 Rémi Verschelde 2016-10-18 11:34:46 CEST 
/me should not have un-broken mupdf in Mageia 5 :P

Status: NEW => ASSIGNED

Comment 3 David Walser 2016-10-31 02:20:43 CET 
CVE-2016-9108:
http://openwall.com/lists/oss-security/2016/10/30/12

Another mujs issue, not sure if we're affected.
Comment 4 David Walser 2016-10-31 02:22:13 CET 
CVE-2016-9109:
http://openwall.com/lists/oss-security/2016/10/30/13

Yet another mujs issue.
Comment 5 Rémi Verschelde 2016-10-31 15:47:15 CET 
mujs issues don't affect us, but well I'm glad we dropped this package in Cauldron :P

I'll try to review existing issues that might affect us in Mageia 5 and see what I can do.
Comment 6 Rémi Verschelde 2017-03-06 18:21:53 CET 
Superseded by bug 20310.

*** This bug has been marked as a duplicate of bug 20310 ***

Status: ASSIGNED => RESOLVED
Resolution: (none) => DUPLICATE