Hello. I've made a team upload for Bug #1104509 (Internet access during build), mainly to remove items in the todo list, since the fix was trivial.
I was considering to fix this CVE bug as well, and I actually tried backporting the upstream fix, but then the package would not build anymore (will try to put what I did somewhere). How much feasible would be that we would fix the CVE by packaging the new upstream version (1.3.2) which is available? I could try that if that's the best course of action, but for upgrading to a new upstream release I would prefer somebody else to care of it. [ BTW: Hopefully this email resets the counter for the autoremoval due to this bug ] Thanks.
