Control: tags -1 + confirmed

On Sun, 2022-10-02 at 19:38 +0200, Timo Röhling wrote:
> The update fixes two vulnerabilities with low priority, i.e.
> the security team has decided not to issue a DSA.
>
> [ Impact ]
> CVE-2022-34300: Heap overflow in DecodePixelData
> CVE-2022-38529: Heap overflow in rleUncompress
> + * Fix low-priority vulnerabilities

I'm not sure I'd use that wording in a changelog personally - more likely just "fix security issues" or "backport fixes" or similar - but it's up to you.

Please go ahead.

Regards,

Adam
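
Review bot: the added changelog line "Fix low-priority vulnerabilities" does not itself name what was fixed. Unless the lines that follow it in the entry already do so, list CVE-2022-34300 and CVE-2022-38529 there so the upload can be matched to those two issues from the changelog alone. The "low-priority" qualifier describes the triage decision rather than the change and can be dropped.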