On Fri, 2022-10-14 at 11:53 +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Sun, 2022-10-02 at 19:38 +0200, Timo Röhling wrote:
> > The update fixes two vulnerabilities with low priority, i.e.
> > the security team has decided not to issue a DSA.
> >
> > [ Impact ]
> > CVE-2022-34300: Heap overflow in DecodePixelData
> > CVE-2022-38529: Heap overflow in rleUncompress
> >
> > + * Fix low-priority vulnerabilities
>
> I'm not sure I'd use that wording in a changelog personally - more
> likely just "fix security issues" or "backport fixes" or similar - but
> it's up to you.

Hmmm. The debdiff you've uploaded is rather larger than I was expecting, or was proposed.

That appears to be (which I should have spotted earlier) because stable has 1.0.0+dfsg-1 and your upload is based on 1.0.*1*+dfsg-1.

Regards,

Adam

