Hi, On Mon, May 22, 2023 at 09:39:34AM +0000, Thorsten Alteholz wrote: > Package: release.debian.org > Severity: normal > User: [email protected] > Usertags: unblock > > Please unblock and age package cups-filters > > [ Reason ] > CVE-2023-24805 (RCE due to missing input sanitising) > > [ Impact ] > The user would be vulnerable to remote code execution. > > [ Tests ] > There is no special test for this patch, only a POC that no > longer worked after applying the patch. > > [ Risks ] > The patch was provided by upstream and approved by the security team > (upload to Bullseye already done). > > [ Checklist ] > [x] all changes are documented in the d/changelog > [x] I reviewed all changes and I approve them > [x] attach debdiff against the package in testing > > unblock cups-filters/1.28.17-3
FWIW, is was as well for bullseye released via a DSA. Thorsten, there seems to be as well a piuparts regression blocking it, can you have a look? Regards, Salvatore
