Hi Jonas, On Mon, Nov 18, 2019 at 10:34:17PM +0100, Jonas Smedegaard wrote: > Control: severity -1 important > > Quoting Salvatore Bonaccorso (2019-11-14 22:47:49) > > Source: ghostscript > > Version: 9.50~dfsg-2 > > Severity: grave > > Tags: security upstream > > Control: found -1 9.26a~dfsg-0+deb9u5 > > Control: found -1 9.26a~dfsg-0+deb9u1 > > Control: found -1 9.27~dfsg-2+deb10u2 > > Control: found -1 9.27~dfsg-1 > > Control: found -1 9.27~dfsg-3.1 > > Control: fixed -1 9.26a~dfsg-0+deb9u6 > > Control: fixed -1 9.27~dfsg-2+deb10u3 > > > > Hi, > > > > The following vulnerability was published for ghostscript. I can agree > > the severity is not exaclty matching, as for 9.50 itself, it's not > > anymore directly exploitable (unless with -dOLDSAFER). Still it cannot > > be considred fixed, only after applying [1]. > > Lowering severity to avoid this blocking more grave security fixes > entering testing.
Possible tho cherry-pick as well the fixing commit so we can get the CVE out of the radar for bullseye/sid? Regards, Salvatore
