Hi Alexandre, On Wed, Jul 31, 2024 at 10:50:14AM +0200, Alexandre Detiste wrote: > Thank you.
Looking at the code I think the issue is basically still there for the part of CVE-2013-0342, but it's likely that it won't get fixed further given the first issue already fixed in 2.0-2. This was then the reason we have made this <ignored> for any security supported suites back to stretch already. maybe it is worth asking upstream if they plan to handle it as well still, but from Debian perspective I guess we can continue to keep it tracking as unfixed, but "ignore" it in older releases as the time beeing. It might be as well an option to mark it unimportant as "negligible security impact" in the security-tracker. Again, I might be wrong, sometimes it is hard to get again into an unfixed issue after a few years ;-) (here almost 11 years later? :)) Let me know how you think about it. Regards, Salvatore
