mupdf 1.10 is out. It fixes some crashes I reported plus bug 589826. Please bump.
(In reply to Agostino Sarubbo from comment #0) > mupdf 1.10 is out. It fixes some crashes I reported plus bug 589826. > > Please bump. So what is the point of this bug? All of the vulnerabilities have opened bugs already. If not, please note the appropriate vulnerabilities within the bug as you usually do.
(In reply to Aaron Bauman from comment #1) > So what is the point of this bug? All of the vulnerabilities have opened > bugs already. If not, please note the appropriate vulnerabilities within the > bug as you usually do. https://blogs.gentoo.org/ago/2016/09/22/mupdf-mutool-infinite-loop-in-gatherresourceinfo-pdfinfo-c/ https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c/ https://blogs.gentoo.org/ago/2016/09/24/mupdf-mujstest-global-buffer-overflow-in-my_getline-jstest_main-c/ https://blogs.gentoo.org/ago/2016/09/24/mupdf-mujstest-global-buffer-overflow-in-main-jstest_main-c/ https://blogs.gentoo.org/ago/2016/09/25/mupdf-mujstest-strcpy-param-overlap-in-main-jstest_main-c/ The latest about mujstest still needs a cve assignment.
(In reply to Agostino Sarubbo from comment #2) > (In reply to Aaron Bauman from comment #1) > > So what is the point of this bug? All of the vulnerabilities have opened > > bugs already. If not, please note the appropriate vulnerabilities within the > > bug as you usually do. > > https://blogs.gentoo.org/ago/2016/09/22/mupdf-mutool-infinite-loop-in- > gatherresourceinfo-pdfinfo-c/ > https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num- > pdf-object-c/ > https://blogs.gentoo.org/ago/2016/09/24/mupdf-mujstest-global-buffer- > overflow-in-my_getline-jstest_main-c/ > https://blogs.gentoo.org/ago/2016/09/24/mupdf-mujstest-global-buffer- > overflow-in-main-jstest_main-c/ > https://blogs.gentoo.org/ago/2016/09/25/mupdf-mujstest-strcpy-param-overlap- > in-main-jstest_main-c/ > > The latest about mujstest still needs a cve assignment. Ok, so the patches are present in 1.10 and just awaiting CVE assignment?
(In reply to Aaron Bauman from comment #3) > [...] > Ok, so the patches are present in 1.10 and just awaiting CVE assignment? <http://mupdf.com/news>: MuPDF 1.10a (2016-11-28)
See https://github.com/gentoo/gentoo/pull/3108/
1.10a is in tree now. commit 290927105365ff1f2374f383d7135ecf17f41cb1 Author: Michael Weber <xmw@gentoo.org> Date: Mon Jan 23 01:31:02 2017 +0100 app-text/mupdf: Version bump (https://github.com/gentoo/gentoo/pull/3108, thanks charIes17). Package-Manager: Portage-2.3.3, Repoman-2.3.1
Stabilization in progress in bug 589826
commit 2af6b2174d988ef90e8178a6c13839d33af70f35 Author: Michael Weber <xmw@gentoo.org> Date: Sun Feb 5 18:24:55 2017 +0100 app-text/mupdf: Remove old versions (bug 600674, 590480, 589826). Package-Manager: Portage-2.3.3, Repoman-2.3.1
Tree is clean. GLSA Vote: No