Package: release.debian.org

The pcb-rnd upstream has released a patch that closes a hole through which arbitrary code can be executed if a user opens a maliciously crafted printed circuit board design file.
There is no known instance of this being exploited in the field, there is no root escalation, and the probability of someone opening a random malicious printed circuit board design file is low. However, upstream has provided a clean patch for version 1.1.4, so I think we should update the package in stable.

Discussion with the security team led to the determination that this doesn't meet the bar for a DSA update via security.debian.org, but we agree it would be good to fix via point release.

I will prepare and upload a new version 1.1.4-2 targeting the stable distribution later today.

Bdale