From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp0 ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id yFIvGkX3P2CxIQAA0tVLHw
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 03 Mar 2021 20:53:25 +0000
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp0 with LMTPS
	id aGUIFkX3P2DvAwAA1q6Kng
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 03 Mar 2021 20:53:25 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 278C524DCF
	for <larch@yhetil.org>; Wed,  3 Mar 2021 21:53:25 +0100 (CET)
Received: from localhost ([::1]:37790 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	id 1lHYUm-0006k4-CN
	for larch@yhetil.org; Wed, 03 Mar 2021 15:53:24 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:34218)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <lle-bout@zaclys.net>)
 id 1lHYUd-0006jq-Gf
 for guix-devel@gnu.org; Wed, 03 Mar 2021 15:53:15 -0500
Received: from mail.zaclys.net ([178.33.93.72]:48981)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <lle-bout@zaclys.net>)
 id 1lHYUb-0003aO-KY
 for guix-devel@gnu.org; Wed, 03 Mar 2021 15:53:15 -0500
Received: from guix-xps.local (82-64-145-38.subs.proxad.net [82.64.145.38])
 (authenticated bits=0)
 by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 123KrBcm054266
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
 for <guix-devel@gnu.org>; Wed, 3 Mar 2021 21:53:11 +0100
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 123KrBcm054266
Authentication-Results: mail.zaclys.net;
 spf=fail smtp.mailfrom=lle-bout@zaclys.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net;
 s=default; t=1614804791;
 bh=xI95LF4VZK5VJt+TDBVXsi5w5Zmq/j8hWVLDjvpnGQ0=;
 h=Subject:From:To:Date:From;
 b=G6kHX/SXidWO6c7iKxNPZe9JiYyO8Ck4VPSKzmnLBjjFY7zjB9NKImzh8aWwU2rvh
 INo5EDEn/gi0VZRqQuRkegoDMEww/VUESs04BR/sWssH+/IQhJX4zTZpYhxPoKDMGp
 rMEAzngTwJQ+8XGzazg9I59R/X8wnvC/YF7UK8p4=
Message-ID: <a525adccae04b94bac21fedc2b417c2333051aa2.camel@zaclys.net>
Subject: mupdf vulnerable to CVE-2021-3407
From: =?ISO-8859-1?Q?L=E9o?= Le Bouter <lle-bout@zaclys.net>
To: guix-devel@gnu.org
Date: Wed, 03 Mar 2021 21:53:11 +0100
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-F23d+ywmyzfNvupzY0i5"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
Received-SPF: pass client-ip=178.33.93.72; envelope-from=lle-bout@zaclys.net;
 helo=mail.zaclys.net
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1614804805;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=xI95LF4VZK5VJt+TDBVXsi5w5Zmq/j8hWVLDjvpnGQ0=;
	b=Xvx2mwINH4XFbtQg+HauTWOh6If3MPJ+Vf2n5AiYbbzZTsUhDaxvDWYnbTutawL4LH+55u
	3ch8gySw1jvnZWukuQOXjac+xLuno54JxkaP1b09gt8cx5j3awwG7QHjwhXqnk28VKHwkg
	/4y2pc1YvAEvyL1D5QHzZlz/XHOML+/IDUfQvRVf9ifWnxjt9vWK/V/bo5Y0xfTZq6UJGo
	6AKGZHvhVnWZgwxXGS1sc+cvtblAFd9HRcODkH/Y4dqaTDmHTpspe9QtRm36Gygx9+lOek
	IrHOleREjy5jMq+iH0PR1cbW+zEEyENAbw1zW/KWWZY4Iklxzg52vKwWWVJDUQ==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1614804805; a=rsa-sha256; cv=none;
	b=M1aAGJtdhp8YPW94X4I36pTt1fhcDLQq++KKgOmkjXIm76kQTgl+aPLnCMQLG0E+QdYdkp
	4ht/zHcSlKAanuG/iUMuUoXQi8O/v74b0Fm6pHiaTUjBn9KVk3LdIFdSRMGHZceAbQGMdP
	4B10eiiQmA/Elzwtz+dvWfZ/1a6ZEaHfG6P9ZypoFeuvv7a5lzhQWbRLUeSIbFzGDxDmc3
	asJeOgaVqy+iSp7kjalPcFljNwQm8Ul05n48As1HK5o8C/lTtH2EHwZeezjNcbWDbdrEr3
	TULtwjzLK0uEnUAFYO8Tzl3WrXYcRi/voMyRfXj/SR0D0Nv/4K8ujh6AWmNEeQ==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=pass header.d=zaclys.net header.s=default header.b="G6kHX/SX";
	spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org
X-Migadu-Spam-Score: -5.16
Authentication-Results: aspmx1.migadu.com;
	dkim=pass header.d=zaclys.net header.s=default header.b="G6kHX/SX";
	dmarc=pass (policy=reject) header.from=zaclys.net;
	spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org
X-Migadu-Queue-Id: 278C524DCF
X-Spam-Score: -5.16
X-Migadu-Scanner: scn1.migadu.com
X-TUID: qRnG5QxU5dGx


--=-F23d+ywmyzfNvupzY0i5
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

CVE-2021-3407	24.02.21 00:15
A flaw was found in mupdf 1.18.0. Double free of object during
linearization may lead to memory corruption and other potential
consequences.

mupdf has made no release yet, so you need to cherry-pick the commit:=20
https://git.ghostscript.com/?p=3Dmupdf.git;a=3Dlog;h=3Dcee7cefc610d42fd383b=
3c80c12cbc675443176a

--=-F23d+ywmyzfNvupzY0i5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmA/9zcACgkQRaix6GvN
EKYtyg//fzQeDO65CKpahmLNLWuaKtl5s9tkl097iWOFrFCfIGIT39J+EtBSBAuu
EybYYKPIwncXx9tQeTm19obqUqJ/lnoTuAUI3+Zjz0J033UIJ23bOfq0L2QPEaaA
EIw06uOUw3i5DpxEAT6UG9BgfgqTVnGk09qQfUl98IMA3uEky3gkfNEaBzSMNlTc
agzOwdKE92R0qHExvBtwUzH8XkEcYU7uQMjcnaj221sEB16ogBz4LSd5aYI+vW28
N0aus6lyGd0jFW83KvE7JKsRKuZJFYGuTGY+6z92ylcqxoGrvqcI/XF0TQUEqcKW
zJ0u3oWIX7xkFr3KzrmAbESfId2B48Vp11eFKkCnygds1d86NAPxhyBxdxC8K//7
x7bz4j2TZstbupB628PqrBR11wwU+coP6t/W/QBLt/8WPVY1d5RKIGoDb4ItmcCV
mn1euzrR2O7V6eEKguia4AnEngW2VoANuvd+77FSL5eVDyI3uCks9kN+qiPo92qE
p/W5ftIabZPojdQgZbmWK7a3untmsAueOQeQws3WJRVrGme0ihJ+a7rZJ8aGBOki
gPA0nVOFUAXaT4ghQcLNioFV7W59L7vYvijKTwn3QxgtBOHQ1ibhUQti/UM4SbuC
g4qt7PzfLAWG5VUcksSEEAv6aKJZrJzAbXtFZIr4fcjhrkkN7js=
=zhdp
-----END PGP SIGNATURE-----

--=-F23d+ywmyzfNvupzY0i5--