A CVE has been assigned for a security issue in mupdf: http://openwall.com/lists/oss-security/2016/07/21/7 There doesn't appear to be a fix available yet.
Whiteboard: (none) => MGA5TOO
Already assigning to all packagers collectively, since there is no maintainer for this package.
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
Patched packages uploaded for Mageia 5 and Cauldron. PoC attached to upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=696941 Advisory: ======================== Updated mupdf packages fix security vulnerability: Use-after-free issue in mupdf in pdf_load_xref() can cause a denial of service (CVE-2016-6265). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6265 http://openwall.com/lists/oss-security/2016/07/21/7 ======================== Updated packages in core/updates_testing: ======================== mupdf-1.5-4.2.mga5 libmupdf-devel-1.5-4.2.mga5 from mupdf-1.5-4.2.mga5.src.rpm
Version: Cauldron => 5Blocks: (none) => 17536Assignee: pkg-bugs => qa-bugsWhiteboard: MGA5TOO => has_procedure
mga5-32 Installed the software and ran mupdf-x11 cw_best_places_2015_listings.pdf mujstest cw_best_places_2015_listings.pdf (watched things scroll by) mudraw - it told me I have nothing to do (that's a Lie!!!) Reviewed the best places to work from beginning to end. Software is working as designed.
CC: (none) => brtians1Whiteboard: has_procedure => has_procedure mga5-32-ok
Keywords: (none) => validated_updateWhiteboard: has_procedure mga5-32-ok => has_procedure mga5-32-ok advisoryCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0268.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/695560/