A CVE has been assigned for a security issue fixed in potrace 1.15:
http://openwall.com/lists/oss-security/2017/03/03/1

The commit that fixed it is linked from:
https://blogs.gentoo.org/ago/2017/03/03/potrace-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c-incomplete-fix-for-cve-2016-8698/
Whiteboard: (none) => MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11
Assignee: bugsquad => pkg-bugs
The patch linked above is identical to the patch for CVE-2016-8698 that is already in both cauldron and mga5. Moreover, I don't see any sign of 1.15 on either the author's website or his sourceforge location. I don't see anything to do unless we want/need to rename the patch to account for the new CVE number for some reason.
CC: (none) => mrambo
Thanks.

*** This bug has been marked as a duplicate of bug 19604 ***
Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE