Bug#933636: CVE-2019-14934

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 933636@bugs.debian.org
Cc: Francois Marier <francois@debian.org>, 933637@bugs.debian.org
Subject: Bug#933636: CVE-2019-14934
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 7 Feb 2020 10:14:24 +0100
Message-id: <[🔎] 20200207091424.GA1690332@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 933636@bugs.debian.org
In-reply-to: <d8b96b85c7c39f7db5a8bcd91e3660b1b3eae46d.camel@adam-barratt.org.uk>
References: <20190801085401.GA23159@akranes.dyn.fmarier.org> <20190814062955.GD29207@akranes.dyn.fmarier.org> <20190801085401.GA23159@akranes.dyn.fmarier.org> <d8b96b85c7c39f7db5a8bcd91e3660b1b3eae46d.camel@adam-barratt.org.uk> <20190801085401.GA23159@akranes.dyn.fmarier.org>

Hi Francois,

On Tue, Aug 20, 2019 at 09:42:54PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
> 
> On Tue, 2019-08-13 at 23:29 -0700, Francois Marier wrote:
> > There is now an additional CVE that affects pdfresurrect in buster
> > and
> > stretch:
> > 
> >   https://security-tracker.debian.org/tracker/CVE-2019-14934
> > 
> > Neither this one or CVE-2019-14267 are deemed worthy of a DSA
> > however.
> > 
> > If you approve the first upload I have prepared for buster and
> > stretch, I
> > will revise it to include the fix for this second CVE, but I will
> > wait for
> > your initial approval before putting any more work into this.
> 
> It looks OK to me. Tagging moreinfo until there's a final diff.

Friendly ping, any news? (It's too late now for the upcoming point
release though).

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#933636: CVE-2019-14934
  - From: Francois Marier <francois@debian.org>

Prev by Date: Bug#877258: stretch-pu: package busybox/1:1.22.0-19+deb9u1
Next by Date: Bug#950854: buster-pu: package node-anymatch/2.0.0-1+deb10u1
Previous by thread: Bug#877258: stretch-pu: package busybox/1:1.22.0-19+deb9u1
Next by thread: Bug#933636: CVE-2019-14934
Index(es):
- Date
- Thread