Hi Salvatore,

On 20-11-17 21:30, Salvatore Bonaccorso wrote:
> Sorry for the delayed reply.

NP.

> Ok! Your arguing makes sense to me, and I went ahead to mark the
> issue as no-dsa for stretch and jessie.

Thanks.

> Still if upstream provides
> help in addressing any of those two issues would be great to see fixes
> at some point e.g. via a point release or picked up in a DSA as well.

Sure, will do. I am hoping that upstream will provide a patch for CVE-2009-4112 in a reasonable time from now. Upstream has really stepped up since the preparation of 1.x started and they were getting closer to actually releasing it. If/once that happens, I'll make sure I'll backport both that patch and the one for this issue, but then it is worth the effort in my opinion.

Paul