<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d5e37e0dc075b6da390cac870875b602f2be191">4d5e37e0</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2019-12-23T15:57:31Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update information on CVE-2019-19847/libspiro

The issue is actually in an exported function, spiro_to_bpath0, but it's

not in the 'advertised' API. Cf.

https://github.com/fontforge/libspiro/issues/21#issuecomment-567983822 .

But no users seem present of the respective problematic function and as

such opted to mark it with negligible impact.

Safer might be to actually revert this, and mark it no-dsa.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d5e37e0dc075b6da390cac870875b602f2be191#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d5e37e0dc075b6da390cac870875b602f2be191">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d5e37e0dc075b6da390cac870875b602f2be191"}}</script>

</p>

</div>

</body>

</html>