Bug#933636: CVE-2019-14934

To: Francois Marier <francois@debian.org>, 933636@bugs.debian.org
Cc: 933637@bugs.debian.org
Subject: Bug#933636: CVE-2019-14934
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 14 Aug 2019 09:07:47 +0200
Message-id: <[🔎] 20190814070747.GA25290@lorien.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 933636@bugs.debian.org
In-reply-to: <[🔎] 20190814062955.GD29207@akranes.dyn.fmarier.org>
References: <[🔎] 20190801085401.GA23159@akranes.dyn.fmarier.org> <[🔎] 20190814062955.GD29207@akranes.dyn.fmarier.org> <[🔎] 20190801085401.GA23159@akranes.dyn.fmarier.org>

Hi Francois,

[Important disclaimer: not part of the release team]

On Tue, Aug 13, 2019 at 11:29:55PM -0700, Francois Marier wrote:
> There is now an additional CVE that affects pdfresurrect in buster and
> stretch:
> 
>   https://security-tracker.debian.org/tracker/CVE-2019-14934
> 
> Neither this one or CVE-2019-14267 are deemed worthy of a DSA however.
> 
> If you approve the first upload I have prepared for buster and stretch, I
> will revise it to include the fix for this second CVE, but I will wait for
> your initial approval before putting any more work into this.

If you are confident with all of the changes that they would be
accepted, then you even can already proceeed. Important is though that
you provide the bugreport and a corresponding debdiff to the SRM.

See the announcement on the new workflow:
https://lists.debian.org/debian-devel-announce/2018/04/msg00007.html

Hope this helps!

Regards,
Salvatore

Reply to:

References:
- Bug#933636: stretch-pu: package pdfresurrect/0.12-6
  - From: Francois Marier <francois@debian.org>
- Bug#933636: CVE-2019-14934
  - From: Francois Marier <francois@debian.org>

Prev by Date: Bug#933636: CVE-2019-14934
Next by Date: Bug#934741: stretch-pu: package glib2.0/2.50.3-2+deb9u1
Previous by thread: Bug#933636: CVE-2019-14934
Next by thread: Bug#933636: CVE-2019-14934
Index(es):
- Date
- Thread