Bug#933636: CVE-2019-14934

To: Francois Marier <francois@debian.org>, 933636@bugs.debian.org, 933637@bugs.debian.org
Subject: Bug#933636: CVE-2019-14934
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Tue, 20 Aug 2019 21:42:54 +0100
Message-id: <[🔎] d8b96b85c7c39f7db5a8bcd91e3660b1b3eae46d.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 933636@bugs.debian.org
In-reply-to: <[🔎] 20190814062955.GD29207@akranes.dyn.fmarier.org>
References: <[🔎] 20190801085401.GA23159@akranes.dyn.fmarier.org> <[🔎] 20190814062955.GD29207@akranes.dyn.fmarier.org> <[🔎] 20190801085401.GA23159@akranes.dyn.fmarier.org>

Control: tags -1 + moreinfo

On Tue, 2019-08-13 at 23:29 -0700, Francois Marier wrote:
> There is now an additional CVE that affects pdfresurrect in buster
> and
> stretch:
> 
>   https://security-tracker.debian.org/tracker/CVE-2019-14934
> 
> Neither this one or CVE-2019-14267 are deemed worthy of a DSA
> however.
> 
> If you approve the first upload I have prepared for buster and
> stretch, I
> will revise it to include the fix for this second CVE, but I will
> wait for
> your initial approval before putting any more work into this.

It looks OK to me. Tagging moreinfo until there's a final diff.

Regards,

Adam

Reply to:

References:
- Bug#933636: stretch-pu: package pdfresurrect/0.12-6
  - From: Francois Marier <francois@debian.org>
- Bug#933636: CVE-2019-14934
  - From: Francois Marier <francois@debian.org>

Prev by Date: Processed: Re: Bug#933175: buster-pu: package fig2dev/1:3.2.7a-5
Next by Date: Processed: Re: Bug#933636: CVE-2019-14934
Previous by thread: Bug#933636: CVE-2019-14934
Next by thread: Processed: Re: Bug#933636: CVE-2019-14934
Index(es):
- Date
- Thread