changelog of cups-pdf on http://cip.physik.uni-wuerzburg.de/~vrbehr/cups-pdf/ reads: 08/10/2004 : 1.5.2 (SRPM) - fixed insecure creation of spoolfile 1.5.2 is in the tree but ~arch masked, while 1.3.1 is marked stable also 1.6.4 is out as mentioned in bug #66481
Printing, do you prefer to push 1.5.2 to x86 stable or upgrade everyone to 1.6.4 ?
marked 1.5.2 stable on x86 and commited 1.6.4 as ~x86
Please vote on GLSA need
so the question is whether or not 1.3.1 is vulnerable or if this is a bug unique to the 1.5.x series?
Not only. It's also if this warrants a GLSA or not. B3 vulns needs a vote. Given the package profile, I would vote no.
ok, I vote no as well.
Closing without GLSA.