Source: potrace Version: 1.14-2 Severity: minor Tags: upstream security Hi,
the following vulnerability was published for potrace. CVE-2017-12067[0]: | Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic | function in mkbitmap.c. This does not need any immediate update, since it seems only relates to the mkbitmap cli tool. Main pupose is can you bring that to upstream? The original reporter might not have done that. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-12067 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12067 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
