Bug#983104: RFS: mupdf/1.14.0+ds1-4+deb10u3 [NMU, CVE-2020-16600] -- lightweight PDF viewer

[Bastian Germann <bastiangermann@fishpost.de>]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for the package "mupdf" with the upstream fix 
for CVE-2020-16600 that affects buster:

 * Package name    : mupdf
   Version         : 1.14.0+ds1-4+deb10u3
   Upstream Author : http://mupdf.com/
 * URL             : http://mupdf.com/
 * License         : AGPL-3+
 * Vcs             : https://salsa.debian.org/koster/mupdf
   Section         : text

It builds those binary packages:

  mupdf-tools - command line tools for the MuPDF viewer
  mupdf - lightweight PDF viewer
  libmupdf-dev - development files for the MuPDF viewer

To access further information about this package, please visit the 
following URL:

  https://mentors.debian.net/package/mupdf/

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/m/mupdf/mupdf_1.14.0+ds1-4+deb10u3.dsc

Changes since the last upload:

 mupdf (1.14.0+ds1-4+deb10u3) buster-security; urgency=high
 .
   * Non-maintainer upload.
   * Avoid a use-after-free in fz_drop_band_writer (CVE-2020-16600)

Regards,
Bastian