Fedora has issued an advisory on August 2: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/ The issue is fixed upstream in 1.9.0.
CC: (none) => nicolas.salguero
Hi, The patch for CVE-2019-17498 already contained the fix for CVE-2019-13115. Best regards, Nico. *** This bug has been marked as a duplicate of bug 25704 ***
Status: NEW => RESOLVEDResolution: (none) => DUPLICATE