-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 22 Mar 2026 23:52:49 +0100
Source: pymupdf
Binary: python3-pymupdf python3-pymupdf-dbgsym
Architecture: amd64
Version: 1.25.4+ds1-3+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Bastian Germann <bage@debian.org>
Description:
 python3-pymupdf - Python binding for MuPDF
Changes:
 pymupdf (1.25.4+ds1-3+deb13u1) trixie; urgency=medium
 .
   * Backport upstream fix for CVE-2026-3029:
     Improved safety of `pymupdf embed-extract`. This now refuses to write to
     an existing file or outside current directory, unless `-output` or new flag
     `-unsafe` is specified.
Checksums-Sha1:
 eecdacdb4e38dff15263f86e2e8a21a2f7dc15e8 7748 pymupdf_1.25.4+ds1-3+deb13u1_amd64-buildd.buildinfo
 cb2d349d5a98f9f414bc38407cedcc4deba91af3 376728 python3-pymupdf-dbgsym_1.25.4+ds1-3+deb13u1_amd64.deb
 397ef0bb3e8bc3ada831a28d74599032167e8183 332192 python3-pymupdf_1.25.4+ds1-3+deb13u1_amd64.deb
Checksums-Sha256:
 452fed8caafa3bf0afa8d1ea955710b359b6b8ff29c9acaa6136602f6355ca91 7748 pymupdf_1.25.4+ds1-3+deb13u1_amd64-buildd.buildinfo
 2c392abb07e7f91102a3a7a69f70e9042b03a1fb5a514901fc609c8e3e962146 376728 python3-pymupdf-dbgsym_1.25.4+ds1-3+deb13u1_amd64.deb
 13b964fcb2f867c412812c4dc31ff6ffb0e9bf97c3b293d4bdcf64857d0ca006 332192 python3-pymupdf_1.25.4+ds1-3+deb13u1_amd64.deb
Files:
 5da4cd26c525540385b38054269f3fdb 7748 python optional pymupdf_1.25.4+ds1-3+deb13u1_amd64-buildd.buildinfo
 dc4814b722b1af95c1060c850e0abf0f 376728 debug optional python3-pymupdf-dbgsym_1.25.4+ds1-3+deb13u1_amd64.deb
 cf219c1f32c6782f9bc352beacde6818 332192 python optional python3-pymupdf_1.25.4+ds1-3+deb13u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7cQ9mRD4+dWjjrb6PkCWRKsh20cFAmnQHPcACgkQPkCWRKsh
20dyHw//XLCmAfUqqUTWRokCJpvKaoiu+hMtVyPfzQyBORmx7gpK3K8oBWSetD7p
NwoA0ZIwCtjo3+tUrgodNDi1bAmUV0sGS2B3JgE39sJ8bti62mGG9e+EpfPG5px5
/NJJJzPfijAx+Dacpg1KiC6jOV19O07EDt502kWavGUtO5FQzkkdJoZx36NMuPpi
wuoDllznjsMj+kavbmOB6X6ftCqzd9g0GCr7Vt37luGushX/JHxnwTOclgNxEwfx
v/gSysP3tu87LJJePOAcYCewz+ZZAHnhlQm9mfey+3BZ4rR9Zb2LbL+78IFNFSBw
vkI9bAsJtsh8QV/O0G3+hbZAmtOtNDkXbrCiSeB0ibGUI0ki44WOB4ipmM22OEZg
yeQElJE6E8j1awPGrz7OeVPqdrFwd42/FLugfXNzjOyVdLiGUQPF84h4YryNIcYL
wCOhYSc5UsHBZmGg+rh5WdP1+pjJgq4fQz9JJsRVGZY0TcKnbe8at0zVb8Vbz1X0
M/Q5YUdetl6UzY9qs1MZvfwWH0mfbAsAN1BrpS9r8tM06MP8gigEnavrkZnn8Q9Q
TFa9tKJXXbob3YYbGDFwU+KmSTGGifulv0dnPZ1htly6T/8vkzgnJZBJHfIimjS6
JS+ZA1XhW0X/9Dd6b0jH/1K40Nm0mT9M9jX5mnBWLgSCmr2Jw9A=
=J3I4
-----END PGP SIGNATURE-----