On Sun, Jan 15, 2017 at 06:05:02PM -0500, Mark H Weaver wrote:
> Hi Leo,
> 
> Leo Famulari <leo@famulari.name> writes:
> 
> > From 34cc0dc9d9451d540f8733ebca2a3db54a073aa0 Mon Sep 17 00:00:00 2001
> > From: Marius Bakke <mbakke@fastmail.com>
> > Date: Thu, 12 Jan 2017 19:06:55 +0100
> > Subject: [PATCH 1/2] gnu: mupdf: Fix CVE-2016-{10132,10133} in bundled mujs.
> >
> > * gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch,
> > gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch: New files.
> > * gnu/local.mk (dist_patch_DATA): Add them.
> > * gnu/packages/pdf.scm (mupdf)[replacement]: New field.
> 
> We should indeed add a 'replacement' field to 'mupdf', but that part of
> the patch seems to have gotten lost:

I suspected something was wrong. Thank you for catching this.

And thanks to Marius as well! I'm happy to be collaborating on these
commits.

I pushed the changes as 8afabb2eca954af6fbba8c6ae37e8f0bc3047840.