David Bremner <brem...@debian.org> writes: > Source: cxref > Version: 1.6e-3 > Severity: important > Tags: security > X-Debbugs-Cc: debian-emac...@lists.debian.org, Debian Security Team > <t...@security.debian.org> > > dh_elpa prior to 1.16 is vulnerable to a path-injection bug via > $HOME. Please do a sourceful upload to rebuild against dh_elpa > 2.x. This will have the additional advantage of allowing future > maintainer script bugs to be fixed without a sourceful upload. >
As far as I can tell, dh_elpa is not actually used. It will help the dh_elpa maintainers if you remove the unused build-dependency when closing this bug. d
signature.asc
Description: PGP signature
