Control: close -1

Hi,

On Tue, Jul 25, 2023 at 10:26:06PM +0100, Jonathan Wiltshire wrote:
> Control: tag -1 confirmed
>
> Hi,
>
> On Mon, Jan 16, 2023 at 07:41:21AM +0100, László Böszörményi wrote:
> > On Mon, Jan 16, 2023 at 6:38 AM Salvatore Bonaccorso <[email protected]>
> > wrote:
> > > On Sun, Jan 15, 2023 at 04:57:24PM -0500, Daniel Kahn Gillmor wrote:
> > > > I was looking into CVE-2022-24859 and pypdf2, and trying to figure out
> > > > whether the version in bullseye is still vulnerable, as it appears to be
> > > > according to the security tracker:
> > [...]
> > > It is still unfixed in bullseye TTBOMK, but would not warrant a DSA.
> > Indeed, it's not yet fixed for Bullseye and doesn't warrant a DSA as
> > the max impact is an infinite loop in the user's own process.
> >
> > > Can you propose a fix for it with cherry-picking the pull request
> > > changes for the next bullseye point release?
> > Correct, it needs to go via Bullseye point update. I attached the
> > short change which has the original commit as Salvatore noted.
>
> Either of the proposed diffs is fine; please go ahead.

This package has not been uploaded in time for two consecutive point
releases now, so I am closing the request.

Thanks,

-- 
Jonathan Wiltshire                                      [email protected]
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

