The author says that the patch to fix CVE-2014-8139 was wrong indeed and he has provided a fixed patch.
Security team: I fixed CVE-2014-9636 (a different problem) yesterday, but since the fix for CVE-2014-8139 was incomplete, you might want to wait just a little bit for my next unstable upload (which will be in short) before making an upload for security.debian.org. Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
