Control: tags -1 + confirmed On Sun, 2018-04-29 at 20:43 +0200, Salvatore Bonaccorso wrote: > I would like to propose the following ghostscript update via a > stretch > point release. It adresses two CVEs which do not warrant a DSA on > it's > own but would still be good to be adressed in stable. > > It adresses: > - CVE-2018-10194 / 896069. Triggering the poc was not possible here > but the fix consist of doing an additional check in > set_text_distance function. > - CVE-2016-10317, testing happened with the fixed version against > the > provided poc. The fix requires a previous prerequisite change. >
Please go ahead; sorry for the delay. Regards, Adam
