There is now an additional CVE that affects pdfresurrect in buster and stretch:
https://security-tracker.debian.org/tracker/CVE-2019-14934 Neither this one or CVE-2019-14267 are deemed worthy of a DSA however. If you approve the first upload I have prepared for buster and stretch, I will revise it to include the fix for this second CVE, but I will wait for your initial approval before putting any more work into this. Francois -- https://fmarier.org/