Control: tags -1 + pending On Sat, 2018-05-26 at 11:09 +0200, Salvatore Bonaccorso wrote: > Hi, > > On Sat, May 26, 2018 at 09:39:12AM +0100, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Sun, 2018-04-29 at 20:43 +0200, Salvatore Bonaccorso wrote: > > > I would like to propose the following ghostscript update via a > > > stretch > > > point release. It adresses two CVEs which do not warrant a DSA on > > > it's > > > own but would still be good to be adressed in stable. > > > > > > It adresses: > > > - CVE-2018-10194 / 896069. Triggering the poc was not possible > > > here > > > but the fix consist of doing an additional check in > > > set_text_distance function. > > > - CVE-2016-10317, testing happened with the fixed version > > > against > > > the > > > provided poc. The fix requires a previous prerequisite change. > > > > > > > Please go ahead; sorry for the delay. > > Thank you! Uploaded.
Flagged for acceptance; thanks. Regards, Adam
