On Mon, Jan 09, 2017 at 09:39:30PM +0100, Raphael Hertzog wrote:
> Hi everybody,
>
> On Thu, 05 Jan 2017, Raphael Hertzog wrote:
> > CCing upstream author for confirmation. Nicola we are trying to understand
> > what security fix went into tcpdf 6.2.0. The bug is private on
> > sourceforge, could you make it public now?
>
> The upstream bug is now public:
> https://sourceforge.net/p/tcpdf/bugs/1005/
Since K_TCPDF_CALLS_IN_HTML defaults to jessie, we should fix this in jessie.
Could someone of the maintainers prepare an update?
Cheers,
Moritz