Control: tags -1 + moreinfo
Control: retitle -1 jessie-pu: package tcpdf/6.0.093+dfsg-1

On Sat, 2017-05-06 at 01:56 +0200, Laurent Destailleur (eldy) wrote:
> I request permission to upload a fix of package php-tcpdf to fix
> security bug CVE-2015-3935 #814030
> https://sourceforge.net/p/tcpdf/bugs/1005/
>
> Fix is as simple as the following patch. Non regression tested with
> success on package "dolibarr" and "phpmyadmin".

There seems to be some confusion here. CVE-2015-3935 is a previously resolved issue in dolibarr, not tcpdf (bugs are fixed by uploads of source packages, not binary packages), and is not the vulnerability to which #814030 refers.

I assume you mean CVE-2017-6100 but, as noted by Raphael in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814030#78 , in order to agree an upload we will need a debdiff between the source package that you are proposing to upload and the package in stable, not simply the patch to the code.

Regards,

Adam

