Hi tony, Am Sonntag, den 04.04.2021, 21:05 -0700 schrieb tony mancill: > On Sat, Mar 27, 2021 at 07:54:11PM +0100, Salvatore Bonaccorso wrote: > > Source: libpdfbox2-java > > Version: 2.0.22-1 > > Severity: important > > Tags: security upstream > > Forwarded: https://issues.apache.org/jira/browse/PDFBOX-5112 > > X-Debbugs-Cc: car...@debian.org, Debian Security Team < > > t...@security.debian.org> > > Hi, > > I took a look at this and I think the best thing to do for our users is > to upload 2.0.23 instead of trying pick backport just the CVE changes > from this set of commits [1]. > > The 2.0.23 package builds without any other changes and doesn't > introduce any API changes [2]. This will address both CVE-2021-27807 > and CVE-2021-27906.
That sounds reasonable to me. Thanks for the update! Markus
signature.asc
Description: This is a digitally signed message part
