* mupdf vulnerable to CVE-2021-3407
@ 2021-03-03 20:53 Léo Le Bouter
2021-03-05 4:55 ` Kei
0 siblings, 1 reply; 2+ messages in thread
From: Léo Le Bouter @ 2021-03-03 20:53 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 339 bytes --]
CVE-2021-3407 24.02.21 00:15
A flaw was found in mupdf 1.18.0. Double free of object during
linearization may lead to memory corruption and other potential
consequences.
mupdf has made no release yet, so you need to cherry-pick the commit:
https://git.ghostscript.com/?p=mupdf.git;a=log;h=cee7cefc610d42fd383b3c80c12cbc675443176a
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: mupdf vulnerable to CVE-2021-3407
2021-03-03 20:53 mupdf vulnerable to CVE-2021-3407 Léo Le Bouter
@ 2021-03-05 4:55 ` Kei
0 siblings, 0 replies; 2+ messages in thread
From: Kei @ 2021-03-05 4:55 UTC (permalink / raw)
To: Léo Le Bouter, guix-devel
[-- Attachment #1: Type: text/plain, Size: 480 bytes --]
I just patched this in commit 6891f957. Thanks for the heads up!
On Wed, 2021-03-03 at 21:53 +0100, Léo Le Bouter wrote:
> CVE-2021-3407 24.02.21 00:15
> A flaw was found in mupdf 1.18.0. Double free of object during
> linearization may lead to memory corruption and other potential
> consequences.
>
> mupdf has made no release yet, so you need to cherry-pick the commit:
> https://git.ghostscript.com/?p=mupdf.git;a=log;h=cee7cefc610d42fd383b3c80c12cbc675443176a
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 862 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-03-05 4:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-03 20:53 mupdf vulnerable to CVE-2021-3407 Léo Le Bouter
2021-03-05 4:55 ` Kei
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).