Version in base suite: 1.25.1+ds1-6 Base version: mupdf_1.25.1+ds1-6 Target version: mupdf_1.25.1+ds1-6+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/m/mupdf/mupdf_1.25.1+ds1-6.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/m/mupdf/mupdf_1.25.1+ds1-6+deb13u1.dsc changelog | 8 ++ patches/0010-Bug-708990-Avoid-overflow-src_stride-calculation-in-.patch | 28 ++++++++++ patches/series | 1 3 files changed, 37 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpxnf1q4ix/mupdf_1.25.1+ds1-6.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpxnf1q4ix/mupdf_1.25.1+ds1-6+deb13u1.dsc: no acceptable signature found
diff -Nru mupdf-1.25.1+ds1/debian/changelog mupdf-1.25.1+ds1/debian/changelog
--- mupdf-1.25.1+ds1/debian/changelog 2025-04-21 22:12:48.000000000 +0000
+++ mupdf-1.25.1+ds1/debian/changelog 2026-04-17 14:00:06.000000000 +0000
@@ -1,3 +1,11 @@
+mupdf (1.25.1+ds1-6+deb13u1) trixie-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Avoid overflow src_stride calculation in unpack_stream (CVE-2026-3308)
+ (Closes: #1133189)
+
+ -- Salvatore Bonaccorso Fri, 17 Apr 2026 16:00:06 +0200
+
 mupdf (1.25.1+ds1-6) unstable; urgency=medium

 * Fix segfault when using get_text() on arm64 (Closes: #1100748)
diff -Nru mupdf-1.25.1+ds1/debian/patches/0010-Bug-708990-Avoid-overflow-src_stride-calculation-in-.patch mupdf-1.25.1+ds1/debian/patches/0010-Bug-708990-Avoid-overflow-src_stride-calculation-in-.patch
--- mupdf-1.25.1+ds1/debian/patches/0010-Bug-708990-Avoid-overflow-src_stride-calculation-in-.patch 1970-01-01 00:00:00.000000000 +0000
+++ mupdf-1.25.1+ds1/debian/patches/0010-Bug-708990-Avoid-overflow-src_stride-calculation-in-.patch 2026-04-17 13:59:03.000000000 +0000
@@ -0,0 +1,28 @@
+From: Tor Andersson
+Date: Mon, 5 Jan 2026 17:54:15 +0100
+Subject: Bug 708990: Avoid overflow src_stride calculation in unpack_stream.
+Origin: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=a26f0142e7d390d4a82c6e5ae0e312e07cc4ec85
+Bug-Debian: https://bugs.debian.org/1133189
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2026-3308
+
+By using 64-bit math!
+---
+ source/fitz/draw-unpack.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source/fitz/draw-unpack.c b/source/fitz/draw-unpack.c
+index 048abbf3531b..8c99337dbff2 100644
+--- a/source/fitz/draw-unpack.c
++++ b/source/fitz/draw-unpack.c
+@@ -437,7 +437,7 @@ unpack_drop(fz_context *ctx, void *state)
+ fz_stream *
+ fz_unpack_stream(fz_context *ctx, fz_stream *src, int depth, int w, int h, int n, int indexed, int pad, int skip)
+{
+- int src_stride = (w*depth*n+7)>>3;
++ int src_stride = ((int64_t)w*depth*n+7)>>3; // avoid overflow by bumping to 64-bit math
+ int dst_stride;
+ unpack_state *state;
+ fz_unpack_line_fn unpack_line = NULL;
+--
+2.53.0
+
diff -Nru mupdf-1.25.1+ds1/debian/patches/series mupdf-1.25.1+ds1/debian/patches/series
--- mupdf-1.25.1+ds1/debian/patches/series 2025-04-21 22:12:48.000000000 +0000
+++ mupdf-1.25.1+ds1/debian/patches/series 2026-04-17 13:59:11.000000000 +0000
@@ -9,3 +9,4 @@
 0008-define-SONAME-header.patch
 0008-Add-fallback-for-missing-SA_NOCLDWAIT.patch
 0009-Use-Charis-SIL-ttf-font-directly.patch
+0010-Bug-708990-Avoid-overflow-src_stride-calculation-in-.patch
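Review bot: The widened product on the new `src_stride` line of `fz_unpack_stream` (embedded patch to source/fitz/draw-unpack.c) is narrowed straight back into an `int`, so a result above `INT_MAX` after the `>>3` would be truncated on assignment rather than rejected. The cast removes the signed overflow in `w*depth*n`, but whether the stride can still exceed the `int` range depends on bounds for `w`, `depth` and `n` that are not visible here; the function body continues outside the hunk. If no such bound exists, it would be safer to keep the value in a 64-bit temporary, `int64_t stride64 = ((int64_t)w*depth*n+7)>>3;`, and fail with `fz_throw` when `stride64 > INT_MAX` before assigning `src_stride`. If a bound does exist, the trailing comment should name it, for example `// 64-bit math avoids overflow; result fits int because w/depth/n are range-checked by the caller`, so the narrowing is visibly intentional.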