Bug#1110518: unblock: mupdf/1.25.1+ds1-7

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1110518: unblock: mupdf/1.25.1+ds1-7
From: Kan-Ru Chen (陳侃如) <koster@debian.org>
Date: Thu, 7 Aug 2025 22:12:44 +0900
Message-id: <[🔎] oy4wuahbds5t4iabsl2pbwrpyegnzgdaq5r5d32u6hs22ap7xj@eiqdrv7yhvmb>
Reply-to: Kan-Ru Chen (陳侃如) <koster@debian.org>, 1110518@bugs.debian.org

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: mupdf@packages.debian.org
Control: affects -1 + src:mupdf
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package mupdf

[ Reason ]
This update backports a denial-of-service fix from upstream (CVE-2025-46206)
https://security-tracker.debian.org/tracker/CVE-2025-46206

[ Impact ]
Users running mupdf or mutool as a service is vulnerable
to remote denial of service attacks via an infinite recursion.

[ Tests ]
Manually tested with reproducer from upstream.

[ Risks ]
Upstream fix is relatively simple that targets only the
infinite recursion problem, so should not have other unwanted
side effects.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
N/A

unblock mupdf/1.25.1+ds1-7

Attachment: mupdf_1.25.1+ds1-7.debdiff.gz
Description: application/gzip

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Processed: unblock: mupdf/1.25.1+ds1-7
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1110518: marked as done (unblock: mupdf/1.25.1+ds1-7)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: VITRUM Client Directory
Next by Date: Processed: unblock: mupdf/1.25.1+ds1-7
Previous by thread: VITRUM Client Directory
Next by thread: Processed: unblock: mupdf/1.25.1+ds1-7
Index(es):
- Date
- Thread