Package: potrace Severity: serious Tags: security Hi,
the following vulnerabilities were published for potrace. CVE-2016-8685[0]: invalid memory access in findnext (decompose.c) CVE-2016-8686[1]: memory allocation failure See also: https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/ for more. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-8685 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8685 [1] https://security-tracker.debian.org/tracker/CVE-2016-8686 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8686 Please adjust the affected versions in the BTS as needed. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
