-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4794-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 21, 2020                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mupdf
CVE ID         : CVE-2020-26519
Debian Bug     : 971595

A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight
PDF viewer, which may result in denial of service or the execution of
arbitrary code if malformed documents are opened.

For the stable distribution (buster), this problem has been fixed in
version 1.14.0+ds1-4+deb10u2.

We recommend that you upgrade your mupdf packages.

For the detailed security status of mupdf please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/mupdf

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl+5GAZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Qf1RAAl20k7CsNzyT/Fyz82gvwYmF8/apF0lxBHNIoJTVgkI/OM5SBRPa48B6B
HMHSvM+fv3joYMHBJCYjKdlEOqxZJHyRQHaMQlvUROiPPvy52Wys50it3VTH6vQ2
sAYxwGhYGuCBzoUostKhYeriMV1Q2IubiF+FhHRDXp4zRSEDEDSL4Fq3Znxbj5FH
ZoNkwcqfosH/9bavuegAmGlmd+G4ghK09oYZwsWeOrkvo8Z7D/jUB8boRyiOtzR0
9j/TV6TDVjoTpMfgFFwSqGaVwYhUpL1IpGBMLpSHokm4fZ47z07NGG3oP5gcHkKt
QjHYq91Zb2fhBd6VudouhMVGfE2/H/suhM3YjeJJjCSxYjivLH51OUk7mX+xQmA9
z8AwtYxPwChaycp27nEmzOowwLVdlEImFXabzY/S4rXs4azQ522YVNI2M+frIWOQ
0VKUBPR1AKQR0MimGQuWVdRG3XfQhPY9/2MpP4yeMyesMUz40CfDp1aKPVOzJpmr
5hmxDTFq9TOvjEwtJ6yz+ah03ZOQNfKb0JxXcjfwDWXY5yrhXKwUHV7/2J3JKq86
jpEvO1zbiFisyrDYQom0kDWdtaKEGqJTTscSFhPAoqE9VRTcXod8iXkKSC1MdB72
L3heWOxkOAMdUgCV22xxWHeL9JHNz3xCNleTEKdDlCBhZllY6VY=
=kwaT
-----END PGP SIGNATURE-----