-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2984
                           mupdf security update
                              31 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mupdf
Publisher:         Debian
Operating System:  Debian GNU/Linux 10
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-13290  

Reference:         ESB-2020.2547

Original Bulletin: 
   http://www.debian.org/security/2020/dsa-4753

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4753-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 29, 2020                       https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : mupdf
CVE ID         : CVE-2019-13290
Debian Bug     : 931475

A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight
PDF viewer, which may result in denial of service or the execution of
arbitrary code if a malformed PDF file is opened.

For the stable distribution (buster), this problem has been fixed in
version 1.14.0+ds1-4+deb10u1.

We recommend that you upgrade your mupdf packages.

For the detailed security status of mupdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mupdf

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl9KbgZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RRgA/+JUZjS9gSPgUAhkjkkDXJi0RfhCrhNT37XccfmjsQ/hKgaRCRGwGPJgWy
vVPCwSoQMhcRt/ZB/WLr8a3BNc86N5drArU5MndQQZEwaXdtu7dAVoUCWC/SosFP
7WRGcrq+Yg7Ui6arRUiGdKx0OOY/426fUFVy/z0rmQPNjHg6M7GqsDOE9PYmOri2
IQoZGBQvfVuxpf5nxMiLgqsG7ZtOKLRKaTeaE7HcVDu043ASagONY2IJTfHf+qoS
RG2m2zaidLklknSKdQ6DqUZ4w1tLjFDeqpEh+mdP819v7KAqJHud8TJKWmiWHXKs
+4IjG5JvrRuJB87nICHIjlMvZF6cecadptopmx/0mZKPeWKVyUBxfLntEoMjlFDX
qY3sGvVIUF9TCL57YBzyrPAD2buI6BVk9NWJk5du0WBz738Dj8mMKo/zn29F97HW
/s5UNDAcoCAqRZbeAk7F/D+BoBDPJWkQBNgNfryaTRjoVh/z38pvWdz2GI/uLJm8
c6Y6ASa0pHUL2+qEkUdP6qloUiAR3+mMi1vpY/8GLm2uNmUlVQwBuxR6Sv841Fe9
7g1X759e0AzJJNH9I16kV7k7xxFLfY1fy2RnISR7A0b878qFIxsrd1dKUH/Fy5Pf
jbpC0SccG7OeaGvThPHQtWe4MpQDCpxWmQ6Fwho7GTMHKCarhEw=
=taBI
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX0yJ6uNLKJtyKPYoAQhKPhAAqYcPU9L8tZdch7Cs2FSh2vDL5V0giAXt
CZTwhKMqFKsHB50i08qAe0N56FbSxbGMwd1Cdx7t/MNJwW8oR5cL5cKu/x8KwfKf
mkM54zUbCwbPGgG7VHo4GDttbtDkYJknX2D52kdsSvRKH+rcIHHs7gKEzy6H1/Wb
ex3MM5uvqDBHnn04HA0U0WWhOyICM2dmvPopi2xLGmRYe7A8T16XnXlQY4RtPSnl
oO204fCeGpQ6mVa8PnA2tjs1xVclVXgBEa4m1RhQaGMEJPojbiRJHF8eZ5iVdPzs
rb1/JU4cKzvJ/glN59+bBnLUdM82/TA4hE2e8yGsv5IBme/eWvgx4ENrb1tgnZJB
6DjnvbKvjLlpnNsDxvSCz+OKU2yhP5MhkO1siN+065jjLAfnetWoY/AollPf+p1+
oN3V7eo8rLfvAmIa0oh9tZNzrnv3K7vpAu8ZhBrOzHltps/XyN7C//DwTAwLEZeM
F5ZjEqGrVhmUUmYUMWKZsk+X8dERjrC37aLxl2ybxHgp2OsEzLICo3YKJRAGG/Oz
6UqJZjTrHHwTl6/VirpKM1wduE8ex/K9Lba0+Yzy6PERfj4+swmVPSVmHSDZevvD
iMy26ye+Ll5shvl5Edi+Y+a7Qcm80MNCjUvji0AAw1sGVefK3JFD3+LmK4MvpLx+
EQuzYkDy9/E=
=kpXV
-----END PGP SIGNATURE-----