I have prepared a new version of libagg-dev that fixes #377270 and I was about to ask the package sponsor to upload it when this issue surfaced. I will fold in fixes for the new bugs too.
-- john On Mon, 14 Jan 2019 23:27:23 +0100 Moritz Muehlenhoff <j...@debian.org> wrote: > Source: agg > Severity: grave > > Please see > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6245 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6247 > > Given that the package isn't exactly fast-moving, how about > revisiting #377270 for buster? Right now we need to coordinate > rebuilds against the fixed agg... > > Cheers, > Moritz > >