hi Oxan, On Thu, Dec 31, 2020 at 05:11:13PM +0000, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sun, 2020-12-20 at 20:48 +0100, Oxan van Leeuwen wrote: > > Upstream recently discovered a potential remote denial-of-service > > attack in postsrsd (CVE-2020-35573) [1]. Fortunately, this issue is > > currently not exploitable in Debian due to gcc optimizing the > > problematic loop away. Thus, the security has decided not to issue a > > DSA [2], but instead suggested to fix it > > through a stable update. > > > > Please go ahead.
I noticed that today there was an upload to security-master for it. Given our previous discussion, was this an oversight? I just have rejected the package, could you please upload it for the upcoming point release instead to ftp-master? Regards, Salvatore
