A CVE has been assigned for a security issue fixed upstream in mupdf: http://openwall.com/lists/oss-security/2016/10/16/8 A commit to fix it is linked in the message above. There are also three CVE requests for issues fixed in mujstest (part of mupdf): http://openwall.com/lists/oss-security/2016/10/16/19 http://openwall.com/lists/oss-security/2016/10/16/20 http://openwall.com/lists/oss-security/2016/10/16/21 There are links to upstream commits to fix those as well.
Assigning to the registered maintainer.
CC: (none) => marja11Assignee: bugsquad => rverschelde
/me should not have un-broken mupdf in Mageia 5 :P
Status: NEW => ASSIGNED
CVE-2016-9108: http://openwall.com/lists/oss-security/2016/10/30/12 Another mujs issue, not sure if we're affected.
CVE-2016-9109: http://openwall.com/lists/oss-security/2016/10/30/13 Yet another mujs issue.
mujs issues don't affect us, but well I'm glad we dropped this package in Cauldron :P I'll try to review existing issues that might affect us in Mageia 5 and see what I can do.
Superseded by bug 20310. *** This bug has been marked as a duplicate of bug 20310 ***
Status: ASSIGNED => RESOLVEDResolution: (none) => DUPLICATE