Control: tags -1 + confirmed On 2015-05-26 20:05, Sven Eckelmann wrote:
I'd like to upload the attached patch to stable-proposed-updates to fix#786785 (CVE-2015-3885). The security team marked this one as no-dsa but asked me to propose the fixes for a point release. Would this be ok? The change matches exactimage 0.9.1-5 + the backported "dependency" patch to get the ljpeg_start result validation after the ljpeg_start call. The latter changewas in unstable before 0.9.1-5 and is required to test the patch.
Please go ahead; thanks. Regards, Adam