Hi, I recently (well, two weeks ago, that is) reported a number of security problems in cups-pdf, originally filed under #259993. Please read the BTS entry for details on the development up to the current situation: The maintainer of cups-pdf, Martin-Éric Racine, has degraded all the bugs to important, thus making them non-release-critical.
Even though I haven't tried to exploit them I'm quite sure that at least two of them can be used to obtain root privileges quite easily. That is why I think that it is not appropriate to change their severity to anything not release critical without an explanation of why they aren't a problem. Well, what do you think about this? Cya, Florian
