{"affected":[{"ecosystem_specific":{"binaries":[{"mupdf":"1.20.3-bp154.2.3.1","mupdf-devel-static":"1.20.3-bp154.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP4","name":"mupdf","purl":"pkg:rpm/suse/mupdf&distro=SUSE%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.20.3-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"mupdf":"1.20.3-bp154.2.3.1","mupdf-devel-static":"1.20.3-bp154.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"mupdf","purl":"pkg:rpm/opensuse/mupdf&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.20.3-bp154.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for mupdf fixes the following issues:\n\nmupdf was updated to 1.20.3:\n\n* return error, not success when unable to lock native device resource.\n* Bug 705620: Start journal operation instead of pushing local xref.\n* Ensure AndroidDrawDevice is destroyed, even upon exception.\n* source/pdf/pdf-clean.c: fix segv from incorrect call to fz_drop_pixmap().\n* Bug 705681: Enclose code in begin/end operation.\n* Guard against SEGVs when calling archive functions with NULL archive.\n\nmupdf was updated to 1.20.0 (boo#1202858, CVE-2021-4216):\n\n* Experimental C# bindings\n* Cross compilation should no longer need a host compiler\n* Major additions to JNI bindings\n* New API to edit outline\n* New API to resolve and create links\n* New API to toggle individual layers in PDF\n* Layer panel in mupdf-gl\n* Layer option in mutool draw\n* New API to add a Javascript console\n* Console panel in mupdf-gl\n* Text search API extended to be able to distinguish between separate search hits\n* Command line tool improvements:\n* all: Negative page numbers to index from the last page\n* mutool draw: Add option to render document without text\n* mutool draw and convert: Support DPI option in text and HTML output\n* New hybrid HTML output format using 'scripts/pdftohtml' script:\n* Graphics in a background image\n* Text on top\n* Improved WASM viewer demo\n* Support high DPI screens\n* Progressive loading\n* Update to zlib 1.2.12 for security fix \n\nmupdf was updated to 1.19.1:\n\n* Updated zlib to 1.2.12 due to CVE-2018-25032\n","id":"openSUSE-SU-2022:10126-1","modified":"2022-09-17T18:01:24Z","published":"2022-09-17T18:01:24Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3URMJJJ2MKM4FNDYFMSSIEJDTNENDZRU/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202858"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-25032"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4216"}],"related":["CVE-2018-25032","CVE-2021-4216"],"summary":"Security update for mupdf","upstream":["CVE-2018-25032","CVE-2021-4216"]}